Fwd: mpi_set_secure leads to heap corruption

Werner Koch wk at gnupg.org
Tue Jul 4 18:06:09 CEST 2017

On Tue,  4 Jul 2017 03:05, gniibe at fsij.org said:

> Yes.  While the patch is right, I followed the suggestion for less
> surprise.

The reason why it was falsely allocated as nlimbs is likely to save on
secure memory.  Now that we auto-grow the secure memory this is not
needed and thus this simple and correct fix is sufficient.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: </pipermail/attachments/20170704/097a03b7/attachment.sig>

More information about the Gcrypt-devel mailing list