security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

scd: Another fix for Curve25519 prefix handling. 

* scd/app-openpgp.c (do_decipher): Check 0x02 also for 16+1 byte long
INDATA.
(do_decipher): Fix integer arithmetic in void pointer.
(do_decipher): Add missing memcpy.
--

I have not tested this fix but it is obvious.

Fixes-commit: 11b2691edd
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-12-03 13:46:03 +01:00
parent 0f61599ed0
commit e28f2e7a2f
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
scd/app-openpgp.c
View File

@ -4114,10 +4114,12 @@ do_decipher (app_t app, const char *keyidstr,
if (rc)
return rc;
if (indatalen == 16 + 1 || indatalen == 32 + 1
if ((indatalen == 16 + 1 || indatalen == 32 + 1)
&& ((char *)indata)[0] == 0x02)
/* PSO:DECIPHER with symmetric key. */
padind = -1;
{
/* PSO:DECIPHER with symmetric key. */
padind = -1;
}
else if (app->app_local->keyattr[1].key_type == KEY_TYPE_RSA)
{
/* We might encounter a couple of leading zeroes in the
@ -4179,7 +4181,7 @@ do_decipher (app_t app, const char *keyidstr,
* Skip the prefix. It may be 0x40 (in new format), or MPI
* head of 0x00 (in old format).
*/
indata++;
indata = (const char *)indata + 1;
indatalen--;
}
@ -4231,9 +4233,10 @@ do_decipher (app_t app, const char *keyidstr,
xfree (outdata);
return gpg_error_from_syserror ();
}
fixbuf[0] = 0x40;
memcpy (fixbuf+1, *outdata, *outdatalen);
xfree (outdata);
outdata = fixbuf;
outdata[0] = 0x40;
*outdata = fixbuf;
*outdatalen = *outdatalen + 1;
}