diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2016-12-30 21:17:22 -0500 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-02 10:17:34 +0100 |
| commit | 360a2c0ccc2821874606eb2e2fe41bb8a9b605f8 (patch) | |
| tree | 99773b52169bb61d614ab6074de1f0cf5e48d1e2 | |
| parent | a1918b8f0e18c2f5104ad8e0cc00e56ca6a695d5 (diff) | |
| download | gnutls-360a2c0ccc2821874606eb2e2fe41bb8a9b605f8.tar.gz | |
Attempt to fix a leak in OpenPGP cert parsing.
| -rw-r--r-- | lib/opencdk/read-packet.c | 4 | ||||
| -rw-r--r-- | tests/cert-tests/data/attribute-leak-1.pub | bin | 0 -> 5 bytes | |||
| -rwxr-xr-x | tests/cert-tests/openpgp-cert-parser | 4 |
3 files changed, 7 insertions, 1 deletions
diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c index a7575bf85f..faee419bc2 100644 --- a/lib/opencdk/read-packet.c +++ b/lib/opencdk/read-packet.c @@ -509,8 +509,10 @@ read_attribute(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr, p++; len--; - if (len >= pktlen) + if (len >= pktlen) { + cdk_free(buf); return CDK_Inv_Packet; + } attr->attrib_img = cdk_calloc(1, len); if (!attr->attrib_img) { cdk_free(buf); diff --git a/tests/cert-tests/data/attribute-leak-1.pub b/tests/cert-tests/data/attribute-leak-1.pub Binary files differnew file mode 100644 index 0000000000..6ab4334e3c --- /dev/null +++ b/tests/cert-tests/data/attribute-leak-1.pub diff --git a/tests/cert-tests/openpgp-cert-parser b/tests/cert-tests/openpgp-cert-parser index 9545fa0c6c..c12e1be8d6 100755 --- a/tests/cert-tests/openpgp-cert-parser +++ b/tests/cert-tests/openpgp-cert-parser @@ -38,4 +38,8 @@ echo "Checking OpenPGP certificate parsing" | grep "^import error: Error in parsing" > /dev/null) || \ fail "Parsing should have errored" +("${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/data/attribute-leak-1.pub" 2>&1 \ + | grep "^import error:" > /dev/null) || \ + fail "Parsing should have errored" + exit ${RETCODE:-0} |