author | David Shaw <[email protected]> | 2004-09-30 04:07:23 +0000 |
---|---|---|
committer | David Shaw <[email protected]> | 2004-09-30 04:07:23 +0000 |
commit | ec0cc1f1356b246303feb3df14ec658af0f21b3a (patch) | |
tree | 2068275ba944d75e881296113ecefe5fe7be58d6 | |
parent | * keyedit.c, keylist.c, keyserver.c, mainproc.c: Reduce the many (diff) | |
download | gnupg-ec0cc1f1356b246303feb3df14ec658af0f21b3a.tar.gz gnupg-ec0cc1f1356b246303feb3df14ec658af0f21b3a.zip |
* mpicoder.c (mpi_read): If we must fail due to an oversize (generally
corrupt) MPI, make sure the number of bytes we read is valid so we can
skip the rest of the bad packet (in hopes the whole stream isn't invalid).
Diffstat (limited to '')
-rw-r--r-- | mpi/ChangeLog | 7 | ||||
-rw-r--r-- | mpi/mpicoder.c | 3 |
2 files changed, 9 insertions, 1 deletions
diff --git a/mpi/ChangeLog b/mpi/ChangeLog
index 4058117c7..a595bc171 100644
--- a/mpi/ChangeLog
+++ b/mpi/ChangeLog
@@ -1,3 +1,10 @@
+2004-09-29 David Shaw <[email protected]>
+
+ * mpicoder.c (mpi_read): If we must fail due to a oversize
+ (generally corrupt) MPI, make sure the number of bytes we read is
+ valid so we can skip the rest of the bad packet (in hopes the
+ whole stream isn't invalid).
+
 2004-05-20 David Shaw <[email protected]>
 * longlong.h: Typo.
diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c
index 4aaf2c017..0005f21a8 100644
--- a/mpi/mpicoder.c
+++ b/mpi/mpicoder.c
@@ -80,15 +80,16 @@ mpi_read(IOBUF inp, unsigned *ret_nread, int secure)
 if( (c = iobuf_get(inp)) == -1 )
 goto leave;
+ nread++;
 nbits = c << 8;
 if( (c = iobuf_get(inp)) == -1 )
 goto leave;
+ nread++;
 nbits |= c;
 if( nbits > MAX_EXTERN_MPI_BITS ) {
 log_error("mpi too large (%u bits)\n", nbits);
 goto leave;
 }
- nread = 2;
 nbytes = (nbits+7) / 8;
 nlimbs = (nbytes+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB; |
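Review bot: The two added `nread++;` lines in the mpicoder.c hunk only produce a valid count if `nread` is zero when the first length byte is read, whereas the removed `nread = 2;` did not depend on its earlier value. The declaration is outside this hunk, so confirm it carries an initializer (`nread = 0`). This matters because mpi_read parses untrusted packet data and, per the commit message, the caller uses the reported count to skip the rest of a corrupt packet, so an indeterminate count on a `goto leave` path would leave the parser misaligned. On the oversize path the count stops at 2 while the MPI body is still unread, which appears to be intended; a comment above the size check such as `/* nread already counts the 2 length bytes so the caller can skip a bad packet */` would record that. The rest of mpi_read, including the `leave:` label, lies outside the hunk.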