[PATCH] Fix export of ecc secret keys by adjusting check ordering.

Kyle Butt kylebutt at gmail.com
Tue Aug 26 23:11:47 CEST 2014


Move the check against PUBKEY_MAX_NSKEY to after the ECC code adjusts
the number of parameters.
---
 g10/export.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/g10/export.c b/g10/export.c
index 6a921c1..b4f1a2e 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -462,7 +462,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
   xfree (string); string = NULL;
   if (gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &npkey)
       || gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &nskey)
-      || !npkey || npkey >= nskey || nskey > PUBKEY_MAX_NSKEY)
+      || !npkey || npkey >= nskey)
     goto bad_seckey;
 
   /* Check that the pubkey algo matches the one from the public key.  */
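Review bot: With `nskey > PUBKEY_MAX_NSKEY` dropped from this condition, `nskey` has no upper bound from here until the relocated check in the second hunk, and nothing at this site says so. Any code in between that sizes or indexes storage by `nskey` would now see an unvalidated count; that stretch is not visible in this patch, so it is worth reading before merging. I would add a comment after the condition, such as `/* The upper bound on NSKEY is checked below, after the ECC adjustment. */`. The body of transfer_format_to_openpgp starts and ends outside the hunk.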
@@ -503,6 +503,10 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
       goto leave;
     }
 
+  /* This check has to go after the ecc adjustments. */
+  if (nskey > PUBKEY_MAX_NSKEY)
+    goto bad_seckey;
+
   /* Parse the key parameters.  */
   gcry_sexp_release (list);
   list = gcry_sexp_find_token (top_list, "skey", 0);
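Review bot: The relocated check re-validates only the upper bound, whereas `!npkey` and `npkey >= nskey` were tested in the first hunk, before the ECC code adjusted the parameter counts. If that adjustment (outside this hunk) can change `npkey` as well as `nskey`, the full invariant should be re-tested here: `if (!npkey || npkey >= nskey || nskey > PUBKEY_MAX_NSKEY)`. The comment should also state the reason rather than only the ordering, e.g. `/* The ECC code above may change NSKEY; bound it here, before the parameters are parsed. */`. The function continues outside the hunk.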
-- 
1.8.1.4



