[git] GnuPG - branch, master, updated. gnupg-2.1.9-221-ge28f2e7

by Werner Koch cvs at cvs.gnupg.org
Thu Dec 3 13:50:38 CET 2015 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  e28f2e7a2f265af8bbdb4979e9679b4396dccdd5 (commit)
      from  0f61599ed0bd1cc6842067d040bb58ec0a451715 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e28f2e7a2f265af8bbdb4979e9679b4396dccdd5
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Dec 3 13:46:03 2015 +0100

    scd: Another fix for Curve25519 prefix handling.
    
    * scd/app-openpgp.c (do_decipher): Check 0x02 also for 16+1 byte long
    INDATA.
    (do_decipher): Fix integer arithmetic in void pointer.
    (do_decipher): Add missing memcpy.
    --
    
    I have not tested this fix but it is obvious.
    
    Fixes-commit: 11b2691eddc42e91651e4f95dd2731255a3e9211
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index ed1bce6..f8e1460 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -4114,10 +4114,12 @@ do_decipher (app_t app, const char *keyidstr,
   if (rc)
     return rc;
 
-  if (indatalen == 16 + 1 || indatalen == 32 + 1
+  if ((indatalen == 16 + 1 || indatalen == 32 + 1)
       && ((char *)indata)[0] == 0x02)
-    /* PSO:DECIPHER with symmetric key.  */
-    padind = -1;
+    {
+      /* PSO:DECIPHER with symmetric key.  */
+      padind = -1;
+    }
   else if (app->app_local->keyattr[1].key_type == KEY_TYPE_RSA)
     {
       /* We might encounter a couple of leading zeroes in the
@@ -4179,7 +4181,7 @@ do_decipher (app_t app, const char *keyidstr,
            * Skip the prefix.  It may be 0x40 (in new format), or MPI
            * head of 0x00 (in old format).
            */
-          indata++;
+          indata = (const char *)indata + 1;
           indatalen--;
         }
 
@@ -4231,9 +4233,10 @@ do_decipher (app_t app, const char *keyidstr,
           xfree (outdata);
           return gpg_error_from_syserror ();
         }
+      fixbuf[0] = 0x40;
+      memcpy (fixbuf+1, *outdata, *outdatalen);
       xfree (outdata);
-      outdata = fixbuf;
-      outdata[0] = 0x40;
+      *outdata = fixbuf;
       *outdatalen = *outdatalen + 1;
     }
 

-----------------------------------------------------------------------

Summary of changes:
 scd/app-openpgp.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list