gpg: Fix DoS while parsing mangled secret key packets.
authorWerner Koch <wk@gnupg.org>
Sun, 5 Apr 2015 10:48:14 +0000 (12:48 +0200)
committerWerner Koch <wk@gnupg.org>
Sun, 5 Apr 2015 10:49:26 +0000 (12:49 +0200)
commitd901efcebaefaf6eae4a9b9aa8f0c2c055d3518a
tree4d03e345d92a6354f549cfd5ec334642e96e08cf
parentf82c4a6d0d76e716b6a7b22ca964fa2da1f962a0
gpg: Fix DoS while parsing mangled secret key packets.

* g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
et al.
--

Due to the missing length checks PKTLEN may turn negative.  Because
PKTLEN is an unsigned int the malloc in read_rest would try to malloc
a too large number and terminate the process with "error reading rest
of packet: Cannot allocate memory".

Reported-by: Hanno Böck.
Signed-off-by: Werner Koch <wk@gnupg.org>
g10/parse-packet.c