[PATCH 3/4] ssh: update certificate support

Jacob Bachmeyer jcb62281 at gmail.com
Wed Mar 17 23:39:26 CET 2021


Igor Okulist via Gnupg-devel wrote:
> [...]
> @@ -1304,8 +1304,6 @@ agent_public_key_from_file (ctrl_t ctrl,
>    s_skey = NULL;
>  
>  
> -  // TODO: the following FIXME is so true -- following code is
> -  // prone to buffer overrun
>    /* FIXME: The following thing is pretty ugly code; we should
>       investigate how to make it cleaner.  Probably code to handle
>       canonical S-expressions in a memory buffer is better suited for
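
Review bot: The two removed `// TODO` lines are the only place in this hunk that names the overrun risk, and nothing visible here bounds the writes into `format`, so the warning goes away while the condition it describes is left as it was. Keep the note (folded into the existing FIXME if the `//` style is the objection) until the same series either sizes the buffer from what is actually written or bounds each write, and say in the commit message which of the two was done.
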
> @@ -1314,7 +1312,7 @@ agent_public_key_from_file (ctrl_t ctrl,
>       them.  */
>    assert (sizeof (size_t) <= sizeof (void*));
>  
> -  format = xtrymalloc (15+4+7*npkey+10+15+1+1+5+4096);
> +  format = xtrymalloc (15+4+7*npkey+10+15+1+1+5+10);
>    if (!format)
>      {
>        err = gpg_error_from_syserror ();
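
Review bot: In `xtrymalloc (15+4+7*npkey+10+15+1+1+5+10)` the trailing slack drops from 4096 to 10 bytes with no comment saying what that term has to cover, and only `7*npkey` scales with the input. Please document each constant against the text it reserves space for, or compute the length from the strings that get written, and show that nothing formerly absorbed by the 4096-byte margin can exceed the new 10. Since the function already asserts on `sizeof (size_t)`, a length check before each write into `format` would make the bound enforceable rather than implied.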
>   

Are you sure about this?  Removing a comment that warns of possible 
buffer overruns that need to be addressed without (as far as I can tell) 
actually addressing the possible issue while also *reducing* the size of 
an allocated buffer strikes me as odd.


-- Jacob



