agent: Fix length test in sshcontrol parser.
a838e8f80669Unpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

agent: Fix length test in sshcontrol parser.

* agent/command-ssh.c (ssh_search_control_file): Check S before
upcasing it.

In contradiction to the comment we did not check the length of HEXGRIP
and thus the GPG_ERR_INV_LENGTH was never triggered.

Detected by Stack 0.3:

bug: anti-simplify
model: |
  %cmp8 = icmp ne i32 %i.0, 40, !dbg !986
  -->  false
stack:
  - /home/wk/s/gnupg/agent/command-ssh.c:1226:0
ncore: 2
core:
  - /home/wk/s/gnupg/agent/command-ssh.c:1225:0
    - buffer overflow
  - /home/wk/s/gnupg/agent/command-ssh.c:1225:0
    - buffer overflow

(backported from 2.1 commit 3529dd8bb5bafc4e02915648d5f409bd27a9cc37)

Details

Provenance

• werner	Authored on Mar 15 2015, 1:04 PM
• gniibe	Committed on Apr 15 2015, 9:07 AM

Parents

rGb4ec909186d0: scd: Fix possible NULL deref in apdu.c

Branches

Unknown

Tags

Unknown

Event Timeline

NIIBE Yutaka <gniibe@fsij.org> committed rGa838e8f80669: agent: Fix length test in sshcontrol parser. (authored by Werner Koch <wk@gnupg.org>).Apr 15 2015, 9:07 AM

Changes (1)

Path

Size

agent/

command-ssh.c

rGa838e8f80669

View Options

agent: Fix length test in sshcontrol parser.a838e8f80669UnpublishedActions