scd: Take care of possible buffer overflow in do_auth.

* scd/app-openpgp.c (do_auth): Check the length in the heuristic. -- Signed-off-by: NIIBE Yutaka <[email protected]>
author: NIIBE Yutaka <[email protected]> 2025-06-05 01:21:48 +0000
committer: NIIBE Yutaka <[email protected]> 2025-06-05 01:24:07 +0000
commit: 27e6622322b53740175530de808643e72242f740 (patch)
tree: 22ffbe46595804ba81c232b8e2cedb5151a2c7a0 /scd
parent: scd: Fix detecting digest OID in the message to be signed. (diff)
download: gnupg-27e6622322b53740175530de808643e72242f740.tar.gz
gnupg-27e6622322b53740175530de808643e72242f740.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index cff3ca619..888e23739 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -5641,13 +5641,15 @@ do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
 
   if (app->app_local->keyattr[2].key_type == KEY_TYPE_ECC)
     {
+      /* This is a heuristic to strip off the OID of digest.  Fully
+         implemented, it would be use of X macro in do_sign above.  */
       if (indatalen == 51 || indatalen == 67 || indatalen == 83)
         {
           const char *p = (const char *)indata + 19;
           indata = p;
           indatalen -= 19;
         }
-      else
+      else if (indatalen > 15)
         {
           const char *p = (const char *)indata + 15;
           indata = p;
author	NIIBE Yutaka <[email protected]>	2025-06-05 01:21:48 +0000
committer	NIIBE Yutaka <[email protected]>	2025-06-05 01:24:07 +0000
commit	27e6622322b53740175530de808643e72242f740 (patch)
tree	22ffbe46595804ba81c232b8e2cedb5151a2c7a0 /scd
parent	scd: Fix detecting digest OID in the message to be signed. (diff)
download	gnupg-27e6622322b53740175530de808643e72242f740.tar.gz gnupg-27e6622322b53740175530de808643e72242f740.zip