diff options
| author | Werner Koch <[email protected]> | 2014-11-26 09:21:01 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2014-11-26 09:21:01 +0000 |
| commit | 1c2140346d6ef9c35e303099d2d15be57869b4d5 (patch) | |
| tree | 26c369973f90d9e49c54ea8f62ee4520ead2c038 | |
| parent | Fix buffer overflow in openpgp_oid_to_str. (diff) | |
| download | gnupg-1c2140346d6ef9c35e303099d2d15be57869b4d5.tar.gz gnupg-1c2140346d6ef9c35e303099d2d15be57869b4d5.zip | |
gpg: Change a bug() call to a regular error message.
* g10/decrypt-data.c (decrypt_data): Return an error code instead of
calling BUG().
--
This code path can be triggered by fuzzing gpg and thus with some
likeness also by corrupt messages for other reasons.
| -rw-r--r-- | g10/decrypt-data.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index 9c6ae73bf..03d38c9c9 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c @@ -130,7 +130,12 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) log_fatal ("unsupported blocksize %u\n", blocksize ); nprefix = blocksize; if ( ed->len && ed->len < (nprefix+2) ) - BUG(); + { + /* An invalid message. We can't check that during parsing + because we may not know the used cipher then. */ + rc = gpg_error (GPG_ERR_INV_PACKET); + goto leave; + } if ( ed->mdc_method ) { |