Diffstat (limited to 'g10/ChangeLog')
-rw-r--r-- | g10/ChangeLog | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 53fc4bcc4..a8dc0f013 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,11 @@ +2006-06-09 David Shaw <[email protected]> + + * parse-packet.c (parse_user_id): Cap the user ID size at 2048 + bytes. This prevents a memory allocation attack with a very large + user ID. A very large packet length could even cause the + allocation (a u32) to wrap around to a small number. Noted by + Evgeny Legerov on full-disclosure. + 2006-05-25 David Shaw <[email protected]> * keygen.c (gen_dsa): Allow generating DSA2 keys |
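Review bot: The new 2006-06-09 entry for parse-packet.c (parse_user_id) states the 2048-byte cap but not what the parser does with a user ID packet above it (reject, skip, or truncate). Anyone triaging a key that stops importing will need that, so I suggest adding it to the entry. This view is limited to g10/ChangeLog, so the code change itself is not visible here. It is worth confirming that the size check runs before the packet length is used to size the allocation, because the u32 wraparound the entry describes is only prevented if the comparison precedes the arithmetic. The credit "Noted by Evgeny Legerov on full-disclosure" would also be easier to trace with the date or subject of the post.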