From a2a90717466a88756bbdc6b11577cfee061fc1a8 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 28 May 2019 12:13:27 +0200
Subject: agent: Make an MD encoding function more robust.

* agent/pksign.c (do_encode_md): Use ascii_tolower and avoid
uninitalized TMP in the error case.
--

This is just in case libgcrypt ever returns an algorithm name longer
than 15 bytes.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 agent/pksign.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

(limited to 'agent/pksign.c')

diff --git a/agent/pksign.c b/agent/pksign.c
index d9519d1bd..4a43b09de 100644
--- a/agent/pksign.c
+++ b/agent/pksign.c
@@ -44,16 +44,21 @@ do_encode_md (const byte * md, size_t mdlen, int algo, gcry_sexp_t * r_hash,
       int i;
 
       s = gcry_md_algo_name (algo);
-      if (s && strlen (s) < 16)
+      if (!s || strlen (s) >= 16)
+        {
+          hash = NULL;
+          rc = gpg_error (GPG_ERR_DIGEST_ALGO);
+        }
+      else
 	{
-	  for (i=0; i < strlen (s); i++)
-	    tmp[i] = tolower (s[i]);
+	  for (i=0; s[i]; i++)
+	    tmp[i] = ascii_tolower (s[i]);
 	  tmp[i] = '\0';
-	}
 
-      rc = gcry_sexp_build (&hash, NULL,
-			    "(data (flags pkcs1) (hash %s %b))",
-			    tmp, (int)mdlen, md);
+          rc = gcry_sexp_build (&hash, NULL,
+                                "(data (flags pkcs1) (hash %s %b))",
+                                tmp, (int)mdlen, md);
+	}
     }
   else
     {
-- 
cgit v1.2.3