mirror of
https://gitdl.cn/https://github.com/chakralinux/core.git
synced 2025-02-11 10:54:37 +08:00
39 lines
1.3 KiB
Diff
39 lines
1.3 KiB
Diff
From: Werner Koch <wk@gnupg.org>
|
|
Date: Mon, 24 Nov 2014 16:28:25 +0000 (+0100)
|
|
Subject: gpg: Fix off-by-one read in the attribute subpacket parser.
|
|
X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=0988764397f99db4efef1eabcdb8072d6159af76;hp=b716e6a69919b89c7887d6c7c9b97e58d18fdf95
|
|
|
|
gpg: Fix off-by-one read in the attribute subpacket parser.
|
|
|
|
* g10/parse-packet.c (parse_attribute_subpkts): Check that the
|
|
attribute packet is large enough for the subpacket type.
|
|
--
|
|
|
|
Reported-by: Hanno Böck
|
|
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
---
|
|
|
|
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
|
|
index e0370aa..f75e21c 100644
|
|
--- a/g10/parse-packet.c
|
|
+++ b/g10/parse-packet.c
|
|
@@ -2359,8 +2359,16 @@ parse_attribute_subpkts (PKT_user_id * uid)
|
|
if (buflen < n)
|
|
goto too_short;
|
|
|
|
- attribs =
|
|
- xrealloc (attribs, (count + 1) * sizeof (struct user_attribute));
|
|
+ if (!n)
|
|
+ {
|
|
+ /* Too short to encode the subpacket type. */
|
|
+ if (opt.verbose)
|
|
+ log_info ("attribute subpacket too short\n");
|
|
+ break;
|
|
+ }
|
|
+
|
|
+ attribs = xrealloc (attribs,
|
|
+ (count + 1) * sizeof (struct user_attribute));
|
|
memset (&attribs[count], 0, sizeof (struct user_attribute));
|
|
|
|
type = *buffer;
|