authorNIIBE Yutaka <[email protected]>2018-08-10 06:29:06 +0000
committerNIIBE Yutaka <[email protected]>2018-08-10 06:29:06 +0000
commit1b309d9f6199a91caa0ca0b97b92d599e00b736e (patch)
treecd1713dc5519c9279108c232226cc23a0199fc01
parentgpg: Set a limit for a WKD import of 256 KiB. (diff)
g10: Fix undefined behavior when EOF in parsing packet for S2K.
* g10/parse-packet.c (parse_symkeyenc): Use iobuf_get_noeof. (parse_key): Likewise. -- When EOF comes at parsing s2k.count, it is possible the value will be (unsigned long)-1. Then, the result of S2K_DECODE_COUNT will be undefined. This patch fixes undefined behavior. Reported-by: Philippe Antoine GnuPG-bug-id: 4093 Signed-off-by: NIIBE Yutaka <[email protected]>
-rw-r--r--g10/parse-packet.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index e933abfa0..0fa8be62c 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1186,7 +1186,7 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
}
if (s2kmode == 3)
{
- k->s2k.count = iobuf_get (inp);
+ k->s2k.count = iobuf_get_noeof (inp);
pktlen--;
}
k->seskeylen = seskeylen;
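Review bot: A truncated packet is still accepted at `k->s2k.count = iobuf_get_noeof (inp);`, because iobuf_get_noeof (as I read iobuf.h, `iobuf_get` masked with 0xff) turns the EOF return into the count byte 0xff instead of reporting it, and `pktlen--` then runs although no byte was read. That removes the undefined shift, but a short input now decodes as the largest iteration count rather than failing as an invalid packet. The same applies to `ski->s2k.count = iobuf_get_noeof (inp);` in the parse_key hunk, where the error path is already visible and the read could be `int c = iobuf_get (inp);` followed by `if (c == -1) { err = gpg_error (GPG_ERR_INV_PACKET); goto leave; }` and `ski->s2k.count = c;`. parse_symkeyenc would need the equivalent with its own error exit, which like the rest of both function bodies lies outside the hunks.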
@@ -2528,7 +2528,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
err = gpg_error (GPG_ERR_INV_PACKET);
goto leave;
}
- ski->s2k.count = iobuf_get (inp);
+ ski->s2k.count = iobuf_get_noeof (inp);
pktlen--;
if (list_mode)
es_fprintf (listfp, "\tprotect count: %lu (%lu)\n",