gpg: Avoid using an uninitialized SALT on premature EOF.
author Werner Koch <wk@gnupg.org>
Wed, 6 Jan 2016 07:48:44 +0000 (08:48 +0100)
committer Werner Koch <wk@gnupg.org>
Wed, 6 Jan 2016 07:48:44 +0000 (08:48 +0100)
* g10/parse-packet.c (parse_key): Check for premature end of salt.
--

This has no security implications because an arbitrary salt could have
also been inset by an attacker.

Signed-off-by: Werner Koch <wk@gnupg.org>
g10/parse-packet.c

index b0c6ee5..38cd8c9 100644 (file)
@@ -2313,6 +2313,11 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
                case 3:
                  for (i = 0; i < 8 && pktlen; i++, pktlen--)
                    temp[i] = iobuf_get_noeof (inp);
+                  if (i < 8)
+                    {
+                     err = gpg_error (GPG_ERR_INV_PACKET);
+                     goto leave;
+                    }
                  memcpy (ski->s2k.salt, temp, 8);
                  break;
                }
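Review bot: the new `if (i < 8)` test in `case 3:` only fires when `pktlen` reaches zero before eight bytes are read, because the loop has no other exit condition. The bytes come from `iobuf_get_noeof (inp)`, so if the input stream itself ends while `pktlen` is still non-zero, `i` still reaches 8 and the salt is copied without an error. If that case matters here, check for end of input inside the loop as well, or add a comment saying it is caught elsewhere. A short comment above the check, saying that a salt shorter than 8 bytes means a truncated packet, would also help explain the `GPG_ERR_INV_PACKET` return. Minor style point: the two statements inside the braces are indented by one column relative to the `{` rather than the two used elsewhere in the hunk.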