diff options
| author | NIIBE Yutaka <[email protected]> | 2025-06-05 01:21:48 +0000 |
|---|---|---|
| committer | NIIBE Yutaka <[email protected]> | 2025-06-05 01:24:07 +0000 |
| commit | 27e6622322b53740175530de808643e72242f740 (patch) | |
| tree | 22ffbe46595804ba81c232b8e2cedb5151a2c7a0 | |
| parent | scd: Fix detecting digest OID in the message to be signed. (diff) | |
| download | gnupg-27e6622322b53740175530de808643e72242f740.tar.gz gnupg-27e6622322b53740175530de808643e72242f740.zip | |
scd: Take care of possible buffer overflow in do_auth.
* scd/app-openpgp.c (do_auth): Check the length in the heuristic.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
| -rw-r--r-- | scd/app-openpgp.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index cff3ca619..888e23739 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -5641,13 +5641,15 @@ do_auth (app_t app, ctrl_t ctrl, const char *keyidstr, if (app->app_local->keyattr[2].key_type == KEY_TYPE_ECC) { + /* This is a heuristic to strip off the OID of digest. Fully + implemented, it would be use of X macro in do_sign above. */ if (indatalen == 51 || indatalen == 67 || indatalen == 83) { const char *p = (const char *)indata + 19; indata = p; indatalen -= 19; } - else + else if (indatalen > 15) { const char *p = (const char *)indata + 15; indata = p; |