[git] GnuPG - branch, master, updated. gnupg-2.1.13-110-ga6b8798

[by Justus Winter]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  a6b87981f7ddef42b25703723162c647e312b125 (commit)
      from  8c8ae043b8d65cb79e0e99c5bdbdcbf34714bd0c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a6b87981f7ddef42b25703723162c647e312b125
Author: Justus Winter <justus at g10code.com>
Date:   Tue Jul 5 12:38:15 2016 +0200

    g10: Fix out-of-bounds read.
    
    * g10/armor.c (use_armor_filter): We need two bytes for 'is_armored'.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/g10/armor.c b/g10/armor.c
index fb74655..e4503b8 100644
--- a/g10/armor.c
+++ b/g10/armor.c
@@ -274,15 +274,17 @@ is_armored( const byte *buf )
 int
 use_armor_filter( IOBUF a )
 {
-    byte buf[1];
+    byte buf[2];
     int n;
 
     /* fixme: there might be a problem with iobuf_peek */
-    n = iobuf_peek(a, buf, 1 );
+    n = iobuf_peek (a, buf, 2);
     if( n == -1 )
 	return 0; /* EOF, doesn't matter whether armored or not */
     if( !n )
 	return 1; /* can't check it: try armored */
+    if (n != 2)
+	return 0; /* short buffer */
     return is_armored(buf);
 }
 

-----------------------------------------------------------------------

Summary of changes:
 g10/armor.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org