common: Fix read buffer over-read in uncompress_ecc_q_in_canon_sexp.STABLE-BRANCH-2-2

* common/sexputil.c (uncompress_ecc_q_in_canon_sexp): Only call memcmp if the lengths are equal. -- GnuPG-bug-id: 7662 Signed-off-by: Collin Funk <[email protected]>
author: Collin Funk via Gnupg-devel <[email protected]> 2025-05-24 06:52:46 +0000
committer: Werner Koch <[email protected]> 2025-05-24 11:32:22 +0000
commit: f3dfbe3fcdc0329fcc11524538d6f78beb94cde8 (patch)
tree: f1af53e44cfca4b179fac22111a838d1d998dbd3
parent: gpgsm: Make use of the de-vs flag in the trustlist.txt. (diff)
download: gnupg-STABLE-BRANCH-2-2.tar.gz
gnupg-STABLE-BRANCH-2-2.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/common/sexputil.c b/common/sexputil.c
index b97e174a1..349c38333 100644
--- a/common/sexputil.c
+++ b/common/sexputil.c
@@ -784,11 +784,11 @@ uncompress_ecc_q_in_canon_sexp (const unsigned char *keydata,
     return err;
   if (!tok)
     return gpg_error (GPG_ERR_BAD_PUBKEY);
-  else if (toklen == 10 || !memcmp ("public-key", tok, toklen))
+  else if (toklen == 10 && !memcmp ("public-key", tok, toklen))
     ;
-  else if (toklen == 11 || !memcmp ("private-key", tok, toklen))
+  else if (toklen == 11 && !memcmp ("private-key", tok, toklen))
     ;
-  else if (toklen == 20 || !memcmp ("shadowed-private-key", tok, toklen))
+  else if (toklen == 20 && !memcmp ("shadowed-private-key", tok, toklen))
     ;
   else
     return gpg_error (GPG_ERR_BAD_PUBKEY);
author	Collin Funk via Gnupg-devel <[email protected]>	2025-05-24 06:52:46 +0000
committer	Werner Koch <[email protected]>	2025-05-24 11:32:22 +0000
commit	f3dfbe3fcdc0329fcc11524538d6f78beb94cde8 (patch)
tree	f1af53e44cfca4b179fac22111a838d1d998dbd3
parent	gpgsm: Make use of the de-vs flag in the trustlist.txt. (diff)
download	gnupg-STABLE-BRANCH-2-2.tar.gz gnupg-STABLE-BRANCH-2-2.zip