[PATCH] Fix export of ecc secret keys by adjusting check ordering.
Kyle Butt
kylebutt at gmail.com
Tue Aug 26 23:11:47 CEST 2014
Move the check against PUBKEY_MAX_NSKEY to after the ECC code adjusts
the number of parameters.
---
g10/export.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/g10/export.c b/g10/export.c
index 6a921c1..b4f1a2e 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -462,7 +462,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
xfree (string); string = NULL;
if (gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &npkey)
|| gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &nskey)
- || !npkey || npkey >= nskey || nskey > PUBKEY_MAX_NSKEY)
+ || !npkey || npkey >= nskey)
goto bad_seckey;
/* Check that the pubkey algo matches the one from the public key. */
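Review bot: With the `nskey > PUBKEY_MAX_NSKEY` term dropped from this condition, nskey has no upper bound from here until the relocated check in the second hunk. The statements between the two hunks are not visible in this patch, so it is worth confirming that none of them size, index or loop over a fixed-length array using nskey before the bound is re-applied. A short comment on this condition, such as `/* The upper bound on nskey is checked after the ECC adjustment below. */`, would stop a later reader from treating the missing bound as an oversight.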
@@ -503,6 +503,10 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
goto leave;
}
+ /* This check has to go after the ecc adjustments. */
+ if (nskey > PUBKEY_MAX_NSKEY)
+ goto bad_seckey;
+
/* Parse the key parameters. */
gcry_sexp_release (list);
list = gcry_sexp_find_token (top_list, "skey", 0);
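Review bot: The relocated check bounds only nskey, while `!npkey || npkey >= nskey` was validated in the first hunk on the counts libgcrypt reported, before the ECC code changed them. If that adjustment (outside this hunk) can alter npkey as well as nskey, re-validating the whole relation here would be safer: `if (!npkey || npkey >= nskey || nskey > PUBKEY_MAX_NSKEY) goto bad_seckey;`. The comment could also give the reason rather than only the ordering, for example `/* The ECC branch changes the parameter counts, so bound the final nskey before parsing. */`. The body of transfer_format_to_openpgp starts and ends outside this hunk.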
--
1.8.1.4