same linux, now suid

Werner Koch wk at isil.d.shuttle.de
Wed Feb 25 08:45:55 CET 1998


Pretty standard bug in g10/keygen.c

diff -u -r1.23 keygen.c
--- keygen.c    1998/02/24 18:50:19     1.23
+++ keygen.c    1998/02/25 07:38:19
@@ -502,7 +502,7 @@
 
     tty_printf(_("You need a Passphrase to protect your secret key.\n\n")
);
 
-    dek = m_alloc_secure( sizeof *dek );
+    dek = m_alloc_secure( sizeof *dek + 8 );
     salt = (byte*)dek + sizeof *dek;
     for(;;) {
        dek->algo = CIPHER_ALGO_BLOWFISH;


The keys should be good anyway.  I should add a key generation check
soon.

-- 
Werner

                                       finger gcrypt at ftp.guug.de for GNUPG key
              fingerprint = 8489 6CD0 1851 0E33 45DA  CD67 036F 11B8 FF3E AA0B





More information about the Gnupg-devel mailing list