From 2183683bd633818dd031b090b5530951de76f392 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 11 Feb 2015 10:27:57 +0100
Subject: Use inline functions to convert buffer data to scalars.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--

Commit 91b826a38880fd8a989318585eb502582636ddd8 was not enough to
avoid all sign extension on shift problems.  Hanno Böck found a case
with an invalid read due to this problem.  To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 kbx/keybox-openpgp.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

(limited to 'kbx/keybox-openpgp.c')

diff --git a/kbx/keybox-openpgp.c b/kbx/keybox-openpgp.c
index 6ae6c44ce..2cac242e9 100644
--- a/kbx/keybox-openpgp.c
+++ b/kbx/keybox-openpgp.c
@@ -36,7 +36,7 @@
 #include <gcrypt.h>
 
 #include "../common/openpgpdefs.h"
-
+#include "host2net.h"
 
 /* Assume a valid OpenPGP packet at the address pointed to by BUFBTR
    which has a maximum length as stored at BUFLEN.  Return the header
@@ -94,10 +94,8 @@ next_packet (unsigned char const **bufptr, size_t *buflen,
         {
           if (len <4 )
             return gpg_error (GPG_ERR_INV_PACKET); /* No length bytes. */
-          pktlen  = (*buf++) << 24;
-          pktlen |= (*buf++) << 16;
-          pktlen |= (*buf++) << 8;
-          pktlen |= (*buf++);
+          pktlen = buf32_to_ulong (buf);
+          buf += 4;
           len -= 4;
       }
       else /* Partial length encoding is not allowed for key packets. */
-- 
cgit v1.2.3