1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

* pkclist.c (select_algo_from_prefs): Make sure the scores can't

overflow when picking an algorithm (not a security issue since we
can't pick something not present in all preference lists, but we might
pick something that isn't scored first choice).
This commit is contained in:
David Shaw 2010-10-29 17:39:30 +00:00
parent a6b47500ac
commit d89e59bdb3
2 changed files with 17 additions and 4 deletions

View File

@ -1,3 +1,10 @@
2010-10-29 David Shaw <dshaw@jabberwocky.com>
* pkclist.c (select_algo_from_prefs): Make sure the scores can't
overflow when picking an algorithm (not a security issue since we
can't pick something not present in all preference lists, but we
might pick something that isn't scored first choice).
2010-10-27 Werner Koch <wk@g10code.com>
* keygen.c (ask_expire_interval): Print 2038 warning only for 32

View File

@ -1,6 +1,6 @@
/* pkclist.c
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
* 2008 Free Software Foundation, Inc.
* 2008, 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -1267,8 +1267,8 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
const prefitem_t *prefs;
int result=-1,i;
unsigned int best=-1;
byte scores[256];
u16 scores[256];
if( !pk_list )
return -1;
@ -1330,7 +1330,13 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
{
if( prefs[i].type == preftype )
{
scores[prefs[i].value]+=rank;
/* Make sure all scores don't add up past 0xFFFF
(and roll around) */
if(rank+scores[prefs[i].value]<=0xFFFF)
scores[prefs[i].value]+=rank;
else
scores[prefs[i].value]=0xFFFF;
mask[prefs[i].value/32] |= 1<<(prefs[i].value%32);
rank++;