gpg: Don't use malloc for kek_params.
b124bca592e1
Actions

Description

gpg: Don't use malloc for kek_params.

* g10/ecdh.c (pk_ecdh_default_params): Use stack for kek_params.

GnuPG-bug-id: T5393
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance

• gniibe

Authored on Nov 12 2021, 7:09 AM

Parents

rGfae1d2e2ccde: kbx: Avoid use of uninitialized value.

Branches

Unknown

Tags

Unknown

Tasks

T5393: gnupg coverity static analysis reports

Event Timeline

• gniibe committed rGb124bca592e1: gpg: Don't use malloc for kek_params. (authored by • gniibe).Nov 12 2021, 7:39 AM

• gniibe added a task: T5393: gnupg coverity static analysis reports.Nov 12 2021, 7:41 AM

What is the rational for this change?

The old code using sizeof(kek_params) (which is used for log_printhex) is incorrect; the value is the size of pointer to byte. It may works for 32-bit architectures, though.
On the machine which has 8 for a pointer, it will cause accessing wrong area, when DPG_CRYPTO is enabled.

Changes (1)

Path

Size

g10/

ecdh.c

rGb124bca592e1

View Options