[git] GnuPG - branch, master, updated. gnupg-2.2.7-187-g1b309d9

by NIIBE Yutaka cvs at cvs.gnupg.org
Fri Aug 10 08:40:45 CEST 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  1b309d9f6199a91caa0ca0b97b92d599e00b736e (commit)
      from  e88f56f1937ac92f6a3b94e50b6db2649ec0be41 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1b309d9f6199a91caa0ca0b97b92d599e00b736e
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Fri Aug 10 15:29:06 2018 +0900

    g10: Fix undefined behavior when EOF in parsing packet for S2K.
    
    * g10/parse-packet.c (parse_symkeyenc): Use iobuf_get_noeof.
    (parse_key): Likewise.
    
    --
    
    When EOF comes at parsing s2k.count, it is possible the value will
    be (unsigned long)-1.  Then, the result of S2K_DECODE_COUNT will be
    undefined.  This patch fixes undefined behavior.
    
    Reported-by: Philippe Antoine
    GnuPG-bug-id: 4093
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index e933abf..0fa8be6 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1186,7 +1186,7 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
     }
   if (s2kmode == 3)
     {
-      k->s2k.count = iobuf_get (inp);
+      k->s2k.count = iobuf_get_noeof (inp);
       pktlen--;
     }
   k->seskeylen = seskeylen;
@@ -2528,7 +2528,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 		      err = gpg_error (GPG_ERR_INV_PACKET);
 		      goto leave;
 		    }
-		  ski->s2k.count = iobuf_get (inp);
+		  ski->s2k.count = iobuf_get_noeof (inp);
 		  pktlen--;
 		  if (list_mode)
 		    es_fprintf (listfp, "\tprotect count: %lu (%lu)\n",

-----------------------------------------------------------------------

Summary of changes:
 g10/parse-packet.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list