mirror of git://git.gnupg.org/gnupg.git
5e3679ae39
* kbx/keybox-search.c (blob_cmp_fpr): Avoid overflow in OFF+LEN
checking.
(blob_cmp_fpr_part): Ditto.
(blob_cmp_name): Ditto.
(blob_cmp_mail): Ditto.
(blob_x509_has_grip): Ditto.
(keybox_get_keyblock): Check OFF and LEN using a 64 bit var.
(keybox_get_cert): Ditto.
--
On most 32 bit systems size_t is 32 bit and thus the check
size_t cert_off = get32 (buffer+8);
size_t cert_len = get32 (buffer+12);
if (cert_off+cert_len > length)
return gpg_error (GPG_ERR_TOO_SHORT);
does not work as intended for all supplied values. The simplest
solution here is to cast them to 64 bit.
In general it will be better to avoid size_t at all and work with
uint64_t. We did not do this in the past because uint64_t was not
universally available.
GnuPG-bug-id: 3770
Signed-off-by: Werner Koch <wk@gnupg.org>
|
||
|---|---|---|
| .. | ||
| ChangeLog-2011 | ||
| Makefile.am | ||
| Manifest | ||
| kbxutil.c | ||
| keybox-blob.c | ||
| keybox-defs.h | ||
| keybox-dump.c | ||
| keybox-errors.c | ||
| keybox-file.c | ||
| keybox-init.c | ||
| keybox-openpgp.c | ||
| keybox-search-desc.h | ||
| keybox-search.c | ||
| keybox-update.c | ||
| keybox-util.c | ||
| keybox.h | ||
| mkerrors | ||