| author | NIIBE Yutaka <[email protected]> | 2025-11-20 05:23:34 +0000 |
|---|---|---|
| committer | NIIBE Yutaka <[email protected]> | 2025-11-20 05:23:34 +0000 |
| commit | bcd87ea2b2da3ed9fe41341959d9c886029606a9 (patch) | |
| tree | d2404dfa77f9bec99adfb5f75f52a419c7b52469 | |
| parent | Post release updates (diff) | |
misc: Validate the value on the use of strtol.
* g10/misc.c (string_to_cipher_algo): Use "long"-type variable to
catch the result of strtol and validate the value.
(string_to_aead_algo, string_to_digest_algo): Likewise.
--
Reported-by: 8b79fe4dd0581c1cd000e1fbecba9f39e16a396a
Signed-off-by: NIIBE Yutaka <[email protected]>
| -rw-r--r-- | g10/misc.c | 35 |
1 files changed, 21 insertions, 14 deletions
diff --git a/g10/misc.c b/g10/misc.c
index 58932ed7b..4f8e810f2 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -1245,11 +1245,13 @@ string_to_cipher_algo (const char *string)
 if (!val && string && (string[0]=='S' || string[0]=='s'))
 {
 char *endptr;
+ long longval;
 string++;
- val = strtol (string, &endptr, 10);
- if (!*string || *endptr || openpgp_cipher_test_algo (val))
- val = 0;
+ longval = strtol (string, &endptr, 10);
+ if (*string && !*endptr && longval >= 0 && longval < 256
+ && openpgp_cipher_test_algo ((int)longval))
+ val = longval;
 }
 return val;
@@ -1272,17 +1274,20 @@ string_to_aead_algo (const char *string)
 result = 1;
 else if (!ascii_strcasecmp (string, "OCB"))
 result = 2;
- else if ((string[0]=='A' || string[0]=='a'))
+ else
 {
- char *endptr;
+ result = 0;
+ if ((string[0]=='A' || string[0]=='a'))
+ {
+ char *endptr;
+ long longval;
- string++;
- result = strtol (string, &endptr, 10);
- if (!*string || *endptr || result < 1 || result > 2)
- result = 0;
+ string++;
+ longval = strtol (string, &endptr, 10);
+ if (*string && !*endptr && longval >= 1 && longval <= 2)
+ result = longval;
+ }
 }
- else
- result = 0;
 return result;
 }
@@ -1303,11 +1308,13 @@ string_to_digest_algo (const char *string)
 if (!val && string && (string[0]=='H' || string[0]=='h'))
 {
 char *endptr;
+ long longval;
 string++;
- val = strtol (string, &endptr, 10);
- if (!*string || *endptr || openpgp_md_test_algo (val))
- val = 0;
+ longval = strtol (string, &endptr, 10);
+ if (*string && !*endptr && longval >= 0 && longval < 256
+ && openpgp_md_test_algo ((int)longval))
+ val = longval;
 }
 return val;
|
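Review bot: The new condition in string_to_cipher_algo looks inverted: it assigns `val = longval` when `openpgp_cipher_test_algo ((int)longval)` returns non-zero, whereas the removed code reset `val` to 0 in exactly that case, so a non-zero return appears to mean "algorithm not usable". As written, an "S<n>" id that the test rejects would be handed back to the caller while a supported one yields 0; the continuation line should read `&& !openpgp_cipher_test_algo ((int)longval))`. The third hunk repeats the pattern in string_to_digest_algo and needs `&& !openpgp_md_test_algo ((int)longval))`. Both functions begin above their hunks, so the return convention is inferred from the removed lines and should be confirmed against the declarations.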
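Review bot: The `*string && !*endptr` test in string_to_aead_algo still lets strtol skip leading white space and accept a sign, so inputs such as "A +1" or "A 2" map to a valid AEAD id even though the commit sets out to validate the numeric part. Requiring the first character after the prefix to be a digit closes that gap, e.g. `if (*string >= '0' && *string <= '9' && !*endptr && longval >= 1 && longval <= 2)`. The same applies to the "S" and "H" branches in the first and third hunks. The function starts above this hunk, so whether a NULL `string` is rejected before `string[0]` is read cannot be seen here.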
