diff options
| author | Werner Koch <[email protected]> | 2018-02-15 10:17:28 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2018-02-15 10:41:46 +0000 |
| commit | 5e3679ae395e7a7e44f218f07bbe487429f1b279 (patch) | |
| tree | dcd95340e47df3fd8268186a957be7de5d2c6cb4 /tools/wks-util.c | |
| parent | gpg: Fix reversed messages for --only-sign-text-ids. (diff) | |
| download | gnupg-5e3679ae395e7a7e44f218f07bbe487429f1b279.tar.gz gnupg-5e3679ae395e7a7e44f218f07bbe487429f1b279.zip | |
kbx: Fix detection of corrupted keyblocks on 32 bit systems.
* kbx/keybox-search.c (blob_cmp_fpr): Avoid overflow in OFF+LEN
checking.
(blob_cmp_fpr_part): Ditto.
(blob_cmp_name): Ditto.
(blob_cmp_mail): Ditto.
(blob_x509_has_grip): Ditto.
(keybox_get_keyblock): Check OFF and LEN using a 64 bit var.
(keybox_get_cert): Ditto.
--
On most 32 bit systems size_t is 32 bit and thus the check
size_t cert_off = get32 (buffer+8);
size_t cert_len = get32 (buffer+12);
if (cert_off+cert_len > length)
return gpg_error (GPG_ERR_TOO_SHORT);
does not work as intended for all supplied values. The simplest
solution here is to cast them to 64 bit.
In general it will be better to avoid size_t at all and work with
uint64_t. We did not do this in the past because uint64_t was not
universally available.
GnuPG-bug-id: 3770
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions