mirror of
git://git.gnupg.org/gnupg.git
synced 2024-11-11 21:48:50 +01:00
5e3679ae39
* kbx/keybox-search.c (blob_cmp_fpr): Avoid overflow in OFF+LEN checking. (blob_cmp_fpr_part): Ditto. (blob_cmp_name): Ditto. (blob_cmp_mail): Ditto. (blob_x509_has_grip): Ditto. (keybox_get_keyblock): Check OFF and LEN using a 64 bit var. (keybox_get_cert): Ditto. -- On most 32 bit systems size_t is 32 bit and thus the check size_t cert_off = get32 (buffer+8); size_t cert_len = get32 (buffer+12); if (cert_off+cert_len > length) return gpg_error (GPG_ERR_TOO_SHORT); does not work as intended for all supplied values. The simplest solution here is to cast them to 64 bit. In general it will be better to avoid size_t at all and work with uint64_t. We did not do this in the past because uint64_t was not universally available. GnuPG-bug-id: 3770 Signed-off-by: Werner Koch <wk@gnupg.org> |
||
---|---|---|
.. | ||
ChangeLog-2011 | ||
kbxutil.c | ||
keybox-blob.c | ||
keybox-defs.h | ||
keybox-dump.c | ||
keybox-errors.c | ||
keybox-file.c | ||
keybox-init.c | ||
keybox-openpgp.c | ||
keybox-search-desc.h | ||
keybox-search.c | ||
keybox-update.c | ||
keybox-util.c | ||
keybox.h | ||
Makefile.am | ||
Manifest | ||
mkerrors |