From 2183683bd633818dd031b090b5530951de76f392 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 11 Feb 2015 10:27:57 +0100
Subject: Use inline functions to convert buffer data to scalars.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--

Commit 91b826a38880fd8a989318585eb502582636ddd8 was not enough to
avoid all sign extension on shift problems.  Hanno Böck found a case
with an invalid read due to this problem.  To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 common/pka.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

(limited to 'common/pka.c')

diff --git a/common/pka.c b/common/pka.c
index d47216298..4ead97f63 100644
--- a/common/pka.c
+++ b/common/pka.c
@@ -51,6 +51,7 @@
 #endif
 
 #include "util.h"
+#include "host2net.h"
 #include "pka.h"
 
 #ifdef USE_DNS_PKA
@@ -252,13 +253,14 @@ get_pka_info (const char *address, unsigned char *fpr)
       if (p >= pend - 10)
         return NULL; /* RR too short. */
 
-      type = *p++ << 8;
-      type |= *p++;
-      class = *p++ << 8;
-      class |= *p++;
+      type = buf16_to_uint (p);
+      p += 2;
+      class = buf16_to_uint (p);
+      p += 2;
       p += 4;
-      txtlen = *p++ << 8;
-      txtlen |= *p++;
+      txtlen = buf16_to_uint (p);
+      p += 2;
+
       if (type != T_TXT || class != C_IN)
         return NULL; /* Answer does not match the query. */
 
-- 
cgit v1.2.3