Explicitly choosing a subkey leads to breakdown of gpg 1.4.0a for Windows
Werner Koch
wk at gnupg.org
Thu Mar 10 11:44:42 CET 2005
Hi,
after a longish debugging session Timo and I found secmem_realloc to
be the culprit. Fixed in CVS of 1.2.x and 1.4.x.
diff -u -p -r1.42 -r1.43
--- util/secmem.c 16 Dec 2004 05:16:09 -0000 1.42
+++ util/secmem.c 10 Mar 2005 09:52:05 -0000 1.43
@@ -398,8 +401,12 @@ secmem_realloc( void *p, size_t newsize
mb = (MEMBLOCK*)((char*)p - ((size_t) &((MEMBLOCK*)0)->u.aligned.c));
size = mb->size;
- if( newsize < size )
- return p; /* it is easier not to shrink the memory */
+ if (size < sizeof(MEMBLOCK))
+ log_bug ("secure memory corrupted at block %p\n", mb);
+ size -= ((size_t) &((MEMBLOCK*)0)->u.aligned.c);
+
+ if( newsize <= size )
+ return p; /* It is easier not to shrink the memory. */
a = secmem_malloc( newsize );
if ( a ) {
memcpy(a, p, size);
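Review bot: the header offset `((size_t) &((MEMBLOCK*)0)->u.aligned.c)` is now spelled out twice, once in the `mb = ...` line and again in the added `size -= ...` line, while the new sanity check uses a third quantity, `sizeof(MEMBLOCK)`. A single named macro (or `offsetof`) used in both places would keep the pointer arithmetic and the size adjustment from drifting apart. The added lines also lack a comment saying that `mb->size` counts the block header, which is what the subtraction implies and is the reason both the `newsize <= size` test and `memcpy(a, p, size)` must work on the payload length rather than the raw block size. A one-line comment above the subtraction would make that invariant explicit for the next reader.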
Shalom-Salam,
Werner