Home GnuPG
Diffusion GnuPG 3529dd8bb5ba

agent: Fix length test in sshcontrol parser.
3529dd8bb5baUnpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

agent: Fix length test in sshcontrol parser.

* agent/command-ssh.c (ssh_search_control_file): Check S before
upcasing it.

In contradiction to the comment we did not check the length of HEXGRIP
and thus the GPG_ERR_INV_LENGTH was never triggered.

Detected by Stack 0.3:

bug: anti-simplify
model: |
  %cmp8 = icmp ne i32 %i.0, 40, !dbg !986
  -->  false
stack:
  - /home/wk/s/gnupg/agent/command-ssh.c:1226:0
ncore: 2
core:
  - /home/wk/s/gnupg/agent/command-ssh.c:1225:0
    - buffer overflow
  - /home/wk/s/gnupg/agent/command-ssh.c:1225:0
    - buffer overflow

Details

Provenance
wernerAuthored on Mar 15 2015, 1:04 PM
Parents
rG95415bdec77a: agent: Remove useless conditions.
Branches
Unknown
Tags
Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rG3529dd8bb5ba: agent: Fix length test in sshcontrol parser. (authored by Werner Koch <wk@gnupg.org>).Mar 15 2015, 1:04 PM

Changes (1)

PathSize
agent/

rG3529dd8bb5ba

View Options

agent/command-ssh.c

Loading...