[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.9-6-g822c633

by NIIBE Yutaka cvs at cvs.gnupg.org
Fri Aug 10 08:40:34 CEST 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  822c633845066756b6442ca67b93b4b5c4316ca0 (commit)
      from  f1c0d9bb6506eee6a3ad93ef432fe6aa5b72aabd (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 822c633845066756b6442ca67b93b4b5c4316ca0
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Fri Aug 10 15:29:06 2018 +0900

    g10: Fix undefined behavior when EOF in parsing packet for S2K.
    
    * g10/parse-packet.c (parse_symkeyenc): Use iobuf_get_noeof.
    (parse_key): Likewise.
    
    --
    
    Cherry picked from master commit:
        1b309d9f6199a91caa0ca0b97b92d599e00b736e
    
    When EOF comes at parsing s2k.count, it is possible the value will
    be (unsigned long)-1.  Then, the result of S2K_DECODE_COUNT will be
    undefined.  This patch fixes undefined behavior.
    
    Reported-by: Philippe Antoine
    GnuPG-bug-id: 4093
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index a64d4f7..8d0be19 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1171,7 +1171,7 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
     }
   if (s2kmode == 3)
     {
-      k->s2k.count = iobuf_get (inp);
+      k->s2k.count = iobuf_get_noeof (inp);
       pktlen--;
     }
   k->seskeylen = seskeylen;
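Review bot: In the `s2kmode == 3` branch of parse_symkeyenc, a read that hits EOF is no longer distinguishable from a real count octet, and `pktlen--` still runs as if a byte had been consumed. If iobuf_get_noeof only masks the EOF value into the byte range, as its name and the commit message suggest, this removes the undefined behavior in S2K_DECODE_COUNT but lets a truncated packet continue parsing with an arbitrary count. Consider reading into an int, checking for EOF explicitly, and failing the packet as invalid. The lines shown here also do not include a check that pktlen is at least 1 before the decrement; since pktlen is unsigned long, it is worth confirming that an earlier length check covers this branch.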
@@ -2489,7 +2489,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 		      err = gpg_error (GPG_ERR_INV_PACKET);
 		      goto leave;
 		    }
-		  ski->s2k.count = iobuf_get (inp);
+		  ski->s2k.count = iobuf_get_noeof (inp);
 		  pktlen--;
 		  if (list_mode)
 		    es_fprintf (listfp, "\tprotect count: %lu (%lu)\n",
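Review bot: The `ski->s2k.count` read in parse_key sits directly after an existing `gpg_error (GPG_ERR_INV_PACKET)` / `goto leave` path, so a count read that hits EOF could take the same error exit instead of being masked into a byte value; with the change as written, list mode will print a "protect count" for a packet that never carried one. The summary shows only g10/parse-packet.c touched, so there is no regression test for either call site. A secret-key packet and a symkey-enc packet, each truncated immediately before the S2K count octet, would cover bug 4093 and keep the two sites from diverging later.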

-----------------------------------------------------------------------

Summary of changes:
 g10/parse-packet.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



