diff options
| author | Neal H. Walfield <[email protected]> | 2015-08-19 11:41:12 +0000 |
|---|---|---|
| committer | Neal H. Walfield <[email protected]> | 2015-08-20 12:16:31 +0000 |
| commit | 0add91ae1ca3718e8140af09294c595f47c958d3 (patch) | |
| tree | 1594decb506e643cbdab8b69f96ffeea6d7ae468 /g10/parse-packet.c | |
| parent | g10/parse-packet.c: Replace literal with symbolic expression. (diff) | |
| download | gnupg-0add91ae1ca3718e8140af09294c595f47c958d3.tar.gz gnupg-0add91ae1ca3718e8140af09294c595f47c958d3.zip | |
g10/parse-packet.c:parse: Try harder to not ignore an EOF.
* g10/parse-packet.c (parse): Be more robust: make sure to process any
EOF.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
Diffstat (limited to 'g10/parse-packet.c')
| -rw-r--r-- | g10/parse-packet.c | 31 |
1 files changed, 25 insertions, 6 deletions
diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 1335403c0..cd202dae7 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -549,16 +549,28 @@ parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos, } else if (c == 255) { - pktlen = (unsigned long)(hdr[hdrlen++] = iobuf_get_noeof (inp)) << 24; - pktlen |= (hdr[hdrlen++] = iobuf_get_noeof (inp)) << 16; - pktlen |= (hdr[hdrlen++] = iobuf_get_noeof (inp)) << 8; - if ((c = iobuf_get (inp)) == -1) + int i; + int eof = 0; + char value[4]; + + for (i = 0; i < 4; i ++) + if ((value[i] = hdr[hdrlen++] = iobuf_get (inp)) == -1) + { + eof = 1; + break; + } + + if (eof) { log_error ("%s: 4 byte length invalid\n", iobuf_where (inp)); rc = gpg_error (GPG_ERR_INV_PACKET); goto leave; } - pktlen |= (hdr[hdrlen++] = c); + + pktlen = (((unsigned long) value[0] << 24) + | ((unsigned long) value[1] << 16) + | ((unsigned long) value[2] << 8) + | ((unsigned long) value[3])); } else /* Partial body length. */ { @@ -611,7 +623,14 @@ parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos, for (; lenbytes; lenbytes--) { pktlen <<= 8; - pktlen |= hdr[hdrlen++] = iobuf_get_noeof (inp); + c = iobuf_get (inp); + if (c == -1) + { + log_error ("%s: length invalid\n", iobuf_where (inp)); + rc = gpg_error (GPG_ERR_INV_PACKET); + goto leave; + } + pktlen |= hdr[hdrlen++] = c; } } } |