diff options
| author | Werner Koch <[email protected]> | 2015-02-11 09:27:57 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2015-02-11 09:28:25 +0000 |
| commit | 2183683bd633818dd031b090b5530951de76f392 (patch) | |
| tree | af283f4f329a140b76df6f7e83dce7ebb07aabb8 /g10/seckey-cert.c | |
| parent | gpg: Prevent an invalid memory read using a garbled keyring. (diff) | |
| download | gnupg-2183683bd633818dd031b090b5530951de76f392.tar.gz gnupg-2183683bd633818dd031b090b5530951de76f392.zip | |
Use inline functions to convert buffer data to scalars.
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--
Commit 91b826a38880fd8a989318585eb502582636ddd8 was not enough to
avoid all sign extension on shift problems. Hanno Böck found a case
with an invalid read due to this problem. To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/seckey-cert.c')
| -rw-r--r-- | g10/seckey-cert.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index 10037567c..02dbb4859 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -115,7 +115,7 @@ xxxx_do_check( PKT_secret_key *sk, const char *tryagain_text, int mode, ndata = (ndatabits+7)/8; if ( ndata > 1 ) - csumc = p[ndata-2] << 8 | p[ndata-1]; + csumc = buf16_to_u16 (p+ndata-2); data = xmalloc_secure ( ndata ); gcry_cipher_decrypt ( cipher_hd, data, ndata, p, ndata ); gcry_mpi_release (sk->skey[i]); sk->skey[i] = NULL ; |