diff options
| author | David Shaw <[email protected]> | 2006-06-09 19:45:19 +0000 |
|---|---|---|
| committer | David Shaw <[email protected]> | 2006-06-09 19:45:19 +0000 |
| commit | 91dbfce3b78442cd5870087ffc46c5e39a77ee6c (patch) | |
| tree | 27fdf38f51c9ae6e7a4045b6327cbd1fa621ef80 /util | |
| parent | Revert last. It is still wrong. (diff) | |
| download | gnupg-91dbfce3b78442cd5870087ffc46c5e39a77ee6c.tar.gz gnupg-91dbfce3b78442cd5870087ffc46c5e39a77ee6c.zip | |
* parse-packet.c (parse_user_id): Cap the user ID size at 2048 bytes.
This prevents a memory allocation attack with a very large user ID. A
very large packet length could even cause the allocation (a u32) to wrap
around to a small number. Noted by Evgeny Legerov on full-disclosure.
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions