[Dailydave] GnuPG 1.4.4 fun

Werner Koch wk at gnupg.org
Tue Jul 25 12:28:59 CEST 2006

On Tue, 25 Jul 2006 02:49, Troy Bollinger said:

> I think there are similar problems with xmalloc() arguments in:
>    parse_gpg_control
>    create_gpg_control
>    parse_plaintext

Right after fixing the recent UID integer overflow I walked over the
code and figured out the mallocs in need of a fix.  Most of them are
already fixed a few need more investigation.

The easiest fix is to limit the packet length to a reasonable value
right after parsing the packet header.



More information about the Gnupg-devel mailing list