diff options
| author | NIIBE Yutaka <[email protected]> | 2018-08-10 06:29:06 +0000 |
|---|---|---|
| committer | NIIBE Yutaka <[email protected]> | 2018-08-10 06:38:57 +0000 |
| commit | 822c633845066756b6442ca67b93b4b5c4316ca0 (patch) | |
| tree | e6c593711f2971c8eda11c942af1f9b3b02705e1 /g10/parse-packet.c | |
| parent | gpg: Set a limit for a WKD import of 256 KiB. (diff) | |
| download | gnupg-822c633845066756b6442ca67b93b4b5c4316ca0.tar.gz gnupg-822c633845066756b6442ca67b93b4b5c4316ca0.zip | |
g10: Fix undefined behavior when EOF in parsing packet for S2K.
* g10/parse-packet.c (parse_symkeyenc): Use iobuf_get_noeof.
(parse_key): Likewise.
--
Cherry picked from master commit:
1b309d9f6199a91caa0ca0b97b92d599e00b736e
When EOF comes at parsing s2k.count, it is possible the value will
be (unsigned long)-1. Then, the result of S2K_DECODE_COUNT will be
undefined. This patch fixes undefined behavior.
Reported-by: Philippe Antoine
GnuPG-bug-id: 4093
Signed-off-by: NIIBE Yutaka <[email protected]>
Diffstat (limited to '')
| -rw-r--r-- | g10/parse-packet.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/g10/parse-packet.c b/g10/parse-packet.c index a64d4f723..8d0be1983 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1171,7 +1171,7 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen, } if (s2kmode == 3) { - k->s2k.count = iobuf_get (inp); + k->s2k.count = iobuf_get_noeof (inp); pktlen--; } k->seskeylen = seskeylen; @@ -2489,7 +2489,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, err = gpg_error (GPG_ERR_INV_PACKET); goto leave; } - ski->s2k.count = iobuf_get (inp); + ski->s2k.count = iobuf_get_noeof (inp); pktlen--; if (list_mode) es_fprintf (listfp, "\tprotect count: %lu (%lu)\n", |