[git] GnuPG - branch, master, updated. gnupg-2.2.4-115-g8305739

by Werner Koch cvs at cvs.gnupg.org
Tue Feb 6 17:46:29 CET 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  8305739fe857ed3378f885bb43777fd518dd1060 (commit)
      from  26c900a8f09df5a15cc9dfce11b98a1caa2dd682 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8305739fe857ed3378f885bb43777fd518dd1060
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Feb 6 17:34:08 2018 +0100

    gpg: Fix packet length checking in symkeyenc parser.
    
    * g10/parse-packet.c (parse_symkeyenc): Move error printing to the
    end.  Add additional check to cope for the 0je extra bytes needed for
    AEAD.
    --
    
    Fixes-commit: 9aab9167bca38323973e853845ca95ae8e9b6871
    GnuPG-bug-id: 3780

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 5c6d364..e3ff432 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1108,13 +1108,7 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
   int i, version, s2kmode, cipher_algo, aead_algo, hash_algo, seskeylen, minlen;
 
   if (pktlen < 4)
-    {
-      log_error ("packet(%d) too short\n", pkttype);
-      if (list_mode)
-        es_fprintf (listfp, ":symkey enc packet: [too short]\n");
-      rc = gpg_error (GPG_ERR_INV_PACKET);
-      goto leave;
-    }
+    goto too_short;
   version = iobuf_get_noeof (inp);
   pktlen--;
   if (version == 4)
@@ -1146,6 +1140,8 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
     }
   else
     aead_algo = 0;
+  if (pktlen < 2)
+    goto too_short;
   s2kmode = iobuf_get_noeof (inp);
   pktlen--;
   hash_algo = iobuf_get_noeof (inp);
@@ -1241,6 +1237,13 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
  leave:
   iobuf_skip_rest (inp, pktlen, 0);
   return rc;
+
+ too_short:
+  log_error ("packet(%d) too short\n", pkttype);
+  if (list_mode)
+    es_fprintf (listfp, ":symkey enc packet: [too short]\n");
+  rc = gpg_error (GPG_ERR_INV_PACKET);
+  goto leave;
 }
 
 

-----------------------------------------------------------------------

Summary of changes:
 g10/parse-packet.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list