[Pkg-gnupg-commit] [gnupg2] 86/159: gpg: Avoid using an uninitialized SALT on premature EOF.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jan 27 13:23:57 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit 85cc7449fb00ac85b0c2eecd22bd38b23f33edf5
Author: Werner Koch <wk at gnupg.org>
Date: Wed Jan 6 08:48:44 2016 +0100
gpg: Avoid using an uninitialized SALT on premature EOF.
* g10/parse-packet.c (parse_key): Check for premature end of salt.
--
This has no security implications because an arbitrary salt could have
also been inset by an attacker.
Signed-off-by: Werner Koch <wk at gnupg.org>
---
g10/parse-packet.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index b0c6ee5..38cd8c9 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -2313,6 +2313,11 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
case 3:
for (i = 0; i < 8 && pktlen; i++, pktlen--)
temp[i] = iobuf_get_noeof (inp);
+ if (i < 8)
+ {
+ err = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
memcpy (ski->s2k.salt, temp, 8);
break;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list