* parse-packet.c (parse_user_id): Cap the user ID size at 2048 bytes.
authorDavid Shaw <dshaw@jabberwocky.com>
Fri, 9 Jun 2006 19:45:19 +0000 (19:45 +0000)
committerDavid Shaw <dshaw@jabberwocky.com>
Fri, 9 Jun 2006 19:45:19 +0000 (19:45 +0000)
commit91dbfce3b78442cd5870087ffc46c5e39a77ee6c
tree27fdf38f51c9ae6e7a4045b6327cbd1fa621ef80
parent49c31957f02c4f1373854c6a4493b78cad8d740a
* parse-packet.c (parse_user_id): Cap the user ID size at 2048 bytes.
This prevents a memory allocation attack with a very large user ID.  A
very large packet length could even cause the allocation (a u32) to wrap
around to a small number.  Noted by Evgeny Legerov on full-disclosure.
g10/ChangeLog
g10/parse-packet.c