1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-05 12:31:50 +01:00

scd: Another fix for Curve25519 prefix handling.

* scd/app-openpgp.c (do_decipher): Check 0x02 also for 16+1 byte long
INDATA.
(do_decipher): Fix integer arithmetic in void pointer.
(do_decipher): Add missing memcpy.
--

I have not tested this fix but it is obvious.

Fixes-commit: 11b2691eddc42e91651e4f95dd2731255a3e9211
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-12-03 13:46:03 +01:00
parent 0f61599ed0
commit e28f2e7a2f
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -4114,10 +4114,12 @@ do_decipher (app_t app, const char *keyidstr,
if (rc) if (rc)
return rc; return rc;
if (indatalen == 16 + 1 || indatalen == 32 + 1 if ((indatalen == 16 + 1 || indatalen == 32 + 1)
&& ((char *)indata)[0] == 0x02) && ((char *)indata)[0] == 0x02)
{
/* PSO:DECIPHER with symmetric key. */ /* PSO:DECIPHER with symmetric key. */
padind = -1; padind = -1;
}
else if (app->app_local->keyattr[1].key_type == KEY_TYPE_RSA) else if (app->app_local->keyattr[1].key_type == KEY_TYPE_RSA)
{ {
/* We might encounter a couple of leading zeroes in the /* We might encounter a couple of leading zeroes in the
@ -4179,7 +4181,7 @@ do_decipher (app_t app, const char *keyidstr,
* Skip the prefix. It may be 0x40 (in new format), or MPI * Skip the prefix. It may be 0x40 (in new format), or MPI
* head of 0x00 (in old format). * head of 0x00 (in old format).
*/ */
indata++; indata = (const char *)indata + 1;
indatalen--; indatalen--;
} }
@ -4231,9 +4233,10 @@ do_decipher (app_t app, const char *keyidstr,
xfree (outdata); xfree (outdata);
return gpg_error_from_syserror (); return gpg_error_from_syserror ();
} }
fixbuf[0] = 0x40;
memcpy (fixbuf+1, *outdata, *outdatalen);
xfree (outdata); xfree (outdata);
outdata = fixbuf; *outdata = fixbuf;
outdata[0] = 0x40;
*outdatalen = *outdatalen + 1; *outdatalen = *outdatalen + 1;
} }