Bug in cipher/ac.c

John Van Enk vanenkj at gmail.com
Thu Dec 3 07:34:43 CET 2009

Hello List,

I'm trying to write some Haskell bindings for libgcrypt. I tripped over a
bug in the eme_pkcs_v1_5_encode function.

Even though you shouldn't, the library segfaults when using a key size of
less than 11 bytes in length.

Note the conditional below. By changing the if to "if (k < 11 || m_n > k -
11)", the function properly responds with GPG_ERR_TOO_SHORT rather than

2239   /* Figure out key length in bytes.  */
2240   k = options->key_size / 8;
2242   if (m_n > k - 11)
2243     {
2244       /* Key is too short for message.  */
2245       err = gcry_error (GPG_ERR_TOO_SHORT);
2246       goto out;
2247     }

Now, I may have just done something silly in my example program which would
cause this not to happen, but this seems like a good check to add.

Also, this is my first post. I'm sorry if I've broken list some etiquette.

My example program is posted here: http://gist.github.com/247935

Thanks for your time.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20091203/a38b8692/attachment.htm>

More information about the Gcrypt-devel mailing list