author | Werner Koch <[email protected]> | 2020-08-28 07:07:59 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2020-08-28 07:09:34 +0000 |
commit | d2fe2ffd753706d07b26fbe22b17a561a2e535fc (patch) | |
tree | c830cb1d28b601ba983195818f50160c33c8262f | |
parent | Post release updates (diff) | |
sm: Fix a bug in the rfc2253 parser
* sm/certdump.c (parse_dn_part): Fix parser flaw.
--
This could in theory result in reading bytes after a Nul in a
string and thus possible segv on unallocated memory or reading other
parts of the memory. However, it is harmless because the rfc2253
strings have been constructed by libksba.
GnuPG-bug-id: 5037
Signed-off-by: Werner Koch <[email protected]>
-rw-r--r-- | sm/certdump.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sm/certdump.c b/sm/certdump.c index c177cabcf..57e8112fd 100644 --- a/sm/certdump.c +++ b/sm/certdump.c @@ -427,7 +427,7 @@ parse_dn_part (struct dn_array_s *array, const unsigned char *string) { /* hexstring */ string++; for (s=string; hexdigitp (s); s++) - s++; + ; n = s - string; if (!n || (n & 1)) return NULL; /* Empty or odd number of digits. */ |
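Review bot: The hexstring branch of parse_dn_part gets no regression test in this change, and the one-line fix is easy to undo by accident because the loop body is now a lone `;`. With the old body `s++` the pointer moved two bytes per iteration, so hexdigitp only saw every other byte, the scan could step over the terminating Nul when the digit count was odd, and `n = s - string` was always even, which left the `(n & 1)` odd-length check unreachable. Please add test inputs for the `#` form covering an odd number of hex digits and a non-hex byte at an odd offset, and both should now return NULL or stop at the right place. Since `string` is passed without a length, the scan depends entirely on hexdigitp rejecting the Nul byte, so a short comment on the empty loop body saying that would help the next reader.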