From 2183683bd633818dd031b090b5530951de76f392 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Wed, 11 Feb 2015 10:27:57 +0100
Subject: Use inline functions to convert buffer data to scalars.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New. (buf16_to_ushort, buf16_to_u16): New. (buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New. -- Commit 91b826a38880fd8a989318585eb502582636ddd8 was not enough to avoid all sign extension on shift problems. Hanno Böck found a case with an invalid read due to this problem. To fix that once and for all almost all uses of "<< 24" and "<< 8" are changed by this patch to use an inline function from host2net.h.
Signed-off-by: Werner Koch
---
 agent/cvt-openpgp.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'agent/cvt-openpgp.c')
diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c
index 5f944934a..cadc87180 100644
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@@ -27,6 +27,7 @@
 #include "agent.h"
 #include "i18n.h"
 #include "cvt-openpgp.h"
+#include "host2net.h"
 /* Helper to pass data via the callback to do_unprotect. */
@@ -487,7 +488,7 @@ do_unprotect (const char *passphrase,
 ndata = (ndatabits+7)/8;
 if (ndata > 1)
- csum_pgp7 = p[ndata-2] << 8 | p[ndata-1];
+ csum_pgp7 = buf16_to_u16 (p+ndata-2);
 data = xtrymalloc_secure (ndata);
 if (!data)
 {
@@ -531,7 +532,7 @@ do_unprotect (const char *passphrase,
 }
 else
 {
- desired_csum = (data[ndata-2] << 8 | data[ndata-1]);
+ desired_csum = buf16_to_u16 (data+ndata-2);
 actual_csum = checksum (data, ndata-2);
 if (desired_csum != actual_csum)
 {
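Review bot: In the third hunk, `buf16_to_u16 (data+ndata-2)` and `checksum (data, ndata-2)` both subtract 2 from `ndata` with no `ndata >= 2` check visible in the hunk, whereas the same pointer arithmetic in the second hunk sits under `if (ndata > 1)`. The hunk opens with `}` / `else`, so the preceding branch may already reject short buffers, but do_unprotect's body starts outside the hunk and that cannot be confirmed from here. If `ndata` is an unsigned type, a value below 2 would wrap and the helper would read two bytes outside `data`. If the guard does exist, a comment such as `/* ndata >= 2 here; shorter buffers are handled by the branch above. */` would keep the invariant visible now that the byte access is hidden behind a helper call.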
@@ -586,7 +587,7 @@ do_unprotect (const char *passphrase,
 p = gcry_mpi_get_opaque (skey[i], &ndatabits);
 ndata = (ndatabits+7)/8;
- if (!(ndata >= 2) || !(ndata == ((p[0] << 8 | p[1]) + 7)/8 + 2))
+ if (!(ndata >= 2) || !(ndata == (buf16_to_ushort (p) + 7)/8 + 2))
 {
 gcry_cipher_close (cipher_hd);
 return gpg_error (GPG_ERR_BAD_SECKEY);
-- cgit v1.2.3
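Review bot: The rewritten condition `!(ndata >= 2) || !(ndata == (buf16_to_ushort (p) + 7)/8 + 2)` depends on operand order for memory safety, and nothing on the line records that. `buf16_to_ushort (p)` replaces `p[0] << 8 | p[1]`, so it reads the first two bytes of `p`, and it is only reached because `||` short-circuits when `ndata` is below 2. Reordering or splitting the test later would let a short or empty opaque value reach that read. I would add a comment above the `if`, for example `/* Test ndata >= 2 first: the 16-bit length prefix is read from p[0..1]. */`. The helper is defined in common/host2net.h, which this page does not show, so its byte handling should be reviewed alongside this call; do_unprotect also continues outside the hunk.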