agent: Protect commit 135b1e3 against misbehaving Libgcrypt.
authorWerner Koch <wk@gnupg.org>
Tue, 1 Sep 2015 05:39:28 +0000 (07:39 +0200)
committerWerner Koch <wk@gnupg.org>
Tue, 1 Sep 2015 05:39:28 +0000 (07:39 +0200)
* agent/command-ssh.c (ssh_key_to_blob): Check DATALEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
agent/command-ssh.c

index 689241f..8868620 100644 (file)
@@ -1964,7 +1964,7 @@ ssh_key_to_blob (gcry_sexp_t sexp, int with_secret,
               err = gpg_error (GPG_ERR_INV_SEXP);
               goto out;
             }
               err = gpg_error (GPG_ERR_INV_SEXP);
               goto out;
             }
-          if (*p_elems == 'q')
+          if (*p_elems == 'q' && datalen)
             { /* Remove the prefix 0x40.  */
               data++;
               datalen--;
             { /* Remove the prefix 0x40.  */
               data++;
               datalen--;