diff options
author | Alex Gaynor <alex.gaynor@gmail.com> | 2017-03-05 02:21:30 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-03-05 18:05:51 +0100 |
commit | efa1251cc197239a36eca48fd204afae41b05994 (patch) | |
tree | ac54621d221e67cff07e4ab600574fa8c504b364 | |
parent | c8fdf14e59bfc4e1e85b12d489a0eb892c94b3b4 (diff) | |
download | gnutls-efa1251cc197239a36eca48fd204afae41b05994.tar.gz |
Enforce the max packet length for OpenPGP subpackets as well
This addresses:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392
Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
-rw-r--r-- | lib/opencdk/read-packet.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c index e202a10b04..56bbccc70e 100644 --- a/lib/opencdk/read-packet.c +++ b/lib/opencdk/read-packet.c @@ -571,6 +571,9 @@ read_user_id(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t user_id) } +#define MAX_PACKET_LEN (1<<24) + + static cdk_error_t read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes) { @@ -610,6 +613,10 @@ read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes) else return CDK_Inv_Packet; + if (size >= MAX_PACKET_LEN) { + return CDK_Inv_Packet; + } + node = cdk_subpkt_new(size); if (!node) return CDK_Out_Of_Core; @@ -951,8 +958,6 @@ static cdk_error_t skip_packet(cdk_stream_t inp, size_t pktlen) return 0; } -#define MAX_PACKET_LEN (1<<24) - /** * cdk_pkt_read: * @inp: the input stream |