security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

sm: Fix a bug in the rfc2253 parser 

* sm/certdump.c (parse_dn_part): Fix parser flaw.
--

This could in theory result in reading bytes after a after Nul in a
string and thus possible segv on unallocated memory or reading other
parts of the memory.  However, it is harmless because the rfc2253
strings have been constructed by libksba.

GnuPG-bug-id: 5037
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2020-08-28 09:07:59 +02:00
parent f799b3ddbb
commit d2fe2ffd75
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sm/certdump.c
View File

@ -427,7 +427,7 @@ parse_dn_part (struct dn_array_s *array, const unsigned char *string)
{ /* hexstring */
string++;
for (s=string; hexdigitp (s); s++)
s++;
;
n = s - string;
if (!n || (n & 1))
return NULL; /* Empty or odd number of digits. */