diff options
| author | Collin Funk via Gnupg-devel <[email protected]> | 2025-05-24 06:52:46 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2025-05-24 11:31:24 +0000 |
| commit | 01cb3ba62d77152574c5c36d516c2d2793c09332 (patch) | |
| tree | 5b095ded58aebe0c5ed854c3fbe81872f0b50372 | |
| parent | gpg,agent: Clean up around using ECC KEM. (diff) | |
| download | gnupg-01cb3ba62d77152574c5c36d516c2d2793c09332.tar.gz gnupg-01cb3ba62d77152574c5c36d516c2d2793c09332.zip | |
common: Fix read buffer over-read in uncompress_ecc_q_in_canon_sexp.
* common/sexputil.c (uncompress_ecc_q_in_canon_sexp): Only call memcmp
if the lengths are equal.
--
GnuPG-bug-id: 7662
Signed-off-by: Collin Funk <[email protected]>
| -rw-r--r-- | common/sexputil.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/common/sexputil.c b/common/sexputil.c index e00590ac7..fcd15ebc6 100644 --- a/common/sexputil.c +++ b/common/sexputil.c @@ -784,11 +784,11 @@ uncompress_ecc_q_in_canon_sexp (const unsigned char *keydata, return err; if (!tok) return gpg_error (GPG_ERR_BAD_PUBKEY); - else if (toklen == 10 || !memcmp ("public-key", tok, toklen)) + else if (toklen == 10 && !memcmp ("public-key", tok, toklen)) ; - else if (toklen == 11 || !memcmp ("private-key", tok, toklen)) + else if (toklen == 11 && !memcmp ("private-key", tok, toklen)) ; - else if (toklen == 20 || !memcmp ("shadowed-private-key", tok, toklen)) + else if (toklen == 20 && !memcmp ("shadowed-private-key", tok, toklen)) ; else return gpg_error (GPG_ERR_BAD_PUBKEY); |