author | Werner Koch <[email protected]> | 2020-08-28 07:07:59 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2020-08-28 07:09:05 +0000 |
commit | 16c1d8a14e98894408f30349cab68ff17ef6b35e (patch) | |
tree | 1bad34eb3c931144a0bea651f95b92c999bbc58b /sm/certdump.c | |
parent | doc: Fix typos (diff) | |
sm: Fix a bug in the rfc2253 parser
* sm/certdump.c (parse_dn_part): Fix parser flaw.
--
This could in theory result in reading bytes after a Nul in a
string and thus possible segv on unallocated memory or reading other
parts of the memory. However, it is harmless because the rfc2253
strings have been constructed by libksba.
GnuPG-bug-id: 5037
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'sm/certdump.c')
-rw-r--r-- | sm/certdump.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sm/certdump.c b/sm/certdump.c index ae257d232..fec2412fd 100644 --- a/sm/certdump.c +++ b/sm/certdump.c @@ -448,7 +448,7 @@ parse_dn_part (struct dn_array_s *array, const unsigned char *string) { /* hexstring */ string++; for (s=string; hexdigitp (s); s++) - s++; + ; n = s - string; if (!n || (n & 1)) return NULL; /* Empty or odd number of digits. */ |
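Review bot: The empty loop body in the hexstring branch of parse_dn_part, a lone ";" on its own line, is easy to misread as a leftover; a short comment on that line or an explicit pair of braces would show that the loop is meant only to advance s. With the extra "s++;" gone, s moves one byte per iteration and hexdigitp tests every byte, so the scan stops at the first non-hex byte (the terminating Nul included, assuming hexdigitp is false for it) and the "(n & 1)" check that follows sees the real digit count. The diffstat shows only sm/certdump.c changed, so consider adding a regression test that passes a hex value with an odd number of digits and expects NULL, to keep the double increment from coming back.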