diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-03-01 07:54:04 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-03-01 07:55:39 +0100 |
commit | ae7d5433868b996e0a5f2750ec8daaedc5bd5444 (patch) | |
tree | 47ce07c06bb3887dc41043f729c6ed0aa273c392 /lib/openpgp/pgp.c | |
parent | 6bd962f6a3590169071e6c86aac2aceeb6ba097e (diff) | |
download | gnutls-ae7d5433868b996e0a5f2750ec8daaedc5bd5444.tar.gz |
opencdk: do not parse any secret keys in packet when reading a certificate
This reduces the attack surface on the parsers, and prevents any bugs
in the secret key parser to be exploitable by inserting secret key
sub-packets into an openpgp certificate.
This addresses:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'lib/openpgp/pgp.c')
-rw-r--r-- | lib/openpgp/pgp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c index dd6957e247..03a507d4c4 100644 --- a/lib/openpgp/pgp.c +++ b/lib/openpgp/pgp.c @@ -99,7 +99,7 @@ gnutls_openpgp_crt_import(gnutls_openpgp_crt_t key, armor = 1; rc = cdk_kbnode_read_from_mem(&key->knode, armor, data->data, - data->size); + data->size, 1); if (rc) { rc = _gnutls_map_cdk_rc(rc); gnutls_assert(); |