[svn] GnuPG - r5473 - branches/STABLE-BRANCH-1-4/g10

svn author dshaw cvs at cvs.gnupg.org
Fri Oct 29 19:39:31 CEST 2010


Author: dshaw
Date: 2010-10-29 19:39:30 +0200 (Fri, 29 Oct 2010)
New Revision: 5473

Modified:
   branches/STABLE-BRANCH-1-4/g10/ChangeLog
   branches/STABLE-BRANCH-1-4/g10/pkclist.c
Log:
* pkclist.c (select_algo_from_prefs): Make sure the scores can't
overflow when picking an algorithm (not a security issue since we
can't pick something not present in all preference lists, but we might
pick something that isn't scored first choice).


Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/ChangeLog	2010-10-27 11:26:53 UTC (rev 5472)
+++ branches/STABLE-BRANCH-1-4/g10/ChangeLog	2010-10-29 17:39:30 UTC (rev 5473)
@@ -1,3 +1,10 @@
+2010-10-29  David Shaw  <dshaw at jabberwocky.com>
+
+	* pkclist.c (select_algo_from_prefs): Make sure the scores can't
+	overflow when picking an algorithm (not a security issue since we
+	can't pick something not present in all preference lists, but we
+	might pick something that isn't scored first choice).
+
 2010-10-27  Werner Koch  <wk at g10code.com>
 
 	* keygen.c (ask_expire_interval): Print 2038 warning only for 32

Modified: branches/STABLE-BRANCH-1-4/g10/pkclist.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/pkclist.c	2010-10-27 11:26:53 UTC (rev 5472)
+++ branches/STABLE-BRANCH-1-4/g10/pkclist.c	2010-10-29 17:39:30 UTC (rev 5473)
@@ -1,6 +1,6 @@
 /* pkclist.c
  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
- *               2008 Free Software Foundation, Inc.
+ *               2008, 2010 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -1267,8 +1267,8 @@
   const prefitem_t *prefs;
   int result=-1,i;
   unsigned int best=-1;    
-  byte scores[256];
-    
+  u16 scores[256];
+
   if( !pk_list )
     return -1;
 
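Review bot: The new `u16 scores[256];` declaration carries no comment tying its width to the 0xFFFF cap applied where the scores are accumulated, so a later change to the element type would leave that cap wrong with no compiler diagnostic. Either document the coupling at the declaration or, since `best` two lines above is already `unsigned int`, consider giving `scores` the same type so both use one width. The line `unsigned int best=-1;` also still ends in trailing whitespace, while the whitespace-only line below the declaration was cleaned up.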
@@ -1330,7 +1330,13 @@
 	    {
 	      if( prefs[i].type == preftype )
 		{
-		  scores[prefs[i].value]+=rank;
+		  /* Make sure all scores don't add up past 0xFFFF
+		     (and roll around) */
+		  if(rank+scores[prefs[i].value]<=0xFFFF)
+		    scores[prefs[i].value]+=rank;
+		  else
+		    scores[prefs[i].value]=0xFFFF;
+
 		  mask[prefs[i].value/32] |= 1<<(prefs[i].value%32);
 
 		  rank++;
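Review bot: The guard `if(rank+scores[prefs[i].value]<=0xFFFF)` and its `else` branch both hard-code the limit of the u16 element type; a single named constant defined next to the `scores` declaration would keep the type and the cap together. The declaration of `rank` is not visible in this hunk, so confirm that its type and range keep the sum from wrapping in the promoted type before the comparison is made. Once two entries are clamped to 0xFFFF they can no longer be told apart, and the comment is worth extending to say so, since it currently mentions only the roll-around.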




