diff options
| author | Werner Koch <[email protected]> | 2018-02-06 16:34:08 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2018-02-06 16:37:27 +0000 |
| commit | 8305739fe857ed3378f885bb43777fd518dd1060 (patch) | |
| tree | ffd1bcc12c2421a761f3b1ff5cce3d1cb47a6c35 /g10/parse-packet.c | |
| parent | Add a new OpenPGP card vendor. (diff) | |
| download | gnupg-8305739fe857ed3378f885bb43777fd518dd1060.tar.gz gnupg-8305739fe857ed3378f885bb43777fd518dd1060.zip | |
gpg: Fix packet length checking in symkeyenc parser.
* g10/parse-packet.c (parse_symkeyenc): Move error printing to the
end. Add additional check to cope for the 0je extra bytes needed for
AEAD.
--
Fixes-commit: 9aab9167bca38323973e853845ca95ae8e9b6871
GnuPG-bug-id: 3780
Diffstat (limited to 'g10/parse-packet.c')
| -rw-r--r-- | g10/parse-packet.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 5c6d364ee..e3ff4321e 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1108,13 +1108,7 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen, int i, version, s2kmode, cipher_algo, aead_algo, hash_algo, seskeylen, minlen; if (pktlen < 4) - { - log_error ("packet(%d) too short\n", pkttype); - if (list_mode) - es_fprintf (listfp, ":symkey enc packet: [too short]\n"); - rc = gpg_error (GPG_ERR_INV_PACKET); - goto leave; - } + goto too_short; version = iobuf_get_noeof (inp); pktlen--; if (version == 4) @@ -1146,6 +1140,8 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen, } else aead_algo = 0; + if (pktlen < 2) + goto too_short; s2kmode = iobuf_get_noeof (inp); pktlen--; hash_algo = iobuf_get_noeof (inp); @@ -1241,6 +1237,13 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen, leave: iobuf_skip_rest (inp, pktlen, 0); return rc; + + too_short: + log_error ("packet(%d) too short\n", pkttype); + if (list_mode) + es_fprintf (listfp, ":symkey enc packet: [too short]\n"); + rc = gpg_error (GPG_ERR_INV_PACKET); + goto leave; } |