From 4f37820334fadd8c5036ea6c42f3dc242665c4a9 Mon Sep 17 00:00:00 2001 From: "Neal H. Walfield" Date: Fri, 21 Aug 2015 10:38:41 +0200 Subject: common: Don't assume on-disk layout matches in-memory layout. * g10/packet.h (PKT_signature): Change revkey's type from a struct revocation_key ** to a struct revocation_key *. Update users. -- revkey was a pointer into the raw data. But, C doesn't guarantee that there is no padding. Thus, we copy the data. Signed-off-by: Neal H. Walfield . --- g10/parse-packet.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) (limited to 'g10/parse-packet.c') diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 1467dc32a..bc9965331 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1711,25 +1711,31 @@ parse_sig_subpkt2 (PKT_signature * sig, sigsubpkttype_t reqtype) void parse_revkeys (PKT_signature * sig) { - struct revocation_key *revkey; + const byte *revkey; int seq = 0; size_t len; if (sig->sig_class != 0x1F) return; - while ((revkey = - (struct revocation_key *) enum_sig_subpkt (sig->hashed, - SIGSUBPKT_REV_KEY, - &len, &seq, NULL))) + while ((revkey = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REV_KEY, + &len, &seq, NULL))) { - if (len == sizeof (struct revocation_key) - && (revkey->class & 0x80)) /* 0x80 bit must be set. */ + if (/* The only valid length is 22 bytes. See RFC 4880 + 5.2.3.15. */ + len == 22 + /* 0x80 bit must be set on the class. */ + && (revkey[0] & 0x80)) { sig->revkey = xrealloc (sig->revkey, - sizeof (struct revocation_key *) * + sizeof (struct revocation_key) * (sig->numrevkeys + 1)); - sig->revkey[sig->numrevkeys] = revkey; + + /* Copy the individual fields. */ + sig->revkey[sig->numrevkeys].class = revkey[0]; + sig->revkey[sig->numrevkeys].algid = revkey[1]; + memcpy (sig->revkey[sig->numrevkeys].fpr, &revkey[2], 20); + sig->numrevkeys++; } } -- cgit v1.2.3