[Pkg-gnupg-maint] Bug#773470: Fwd: off-by-one

Joshua Rogers honey at internot.info
Thu Dec 18 18:32:24 UTC 2014


Package: gnupg2
Version: 2.1.1
Severity: normal


Hi,

On line 1242 of app-nks.c, 'xtrymalloc' is called with 'datalen', which is calculated using "size_t datalen = oldpinlen + newpinlen".
This does not account for the null-bytes, and may cause either a buffer overflow, or other problems down the line.


Thanks,

-- 
-- Joshua Rogers <https://internot.info/>
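
The sizing question raised in this report, as an added example that is not part of the original message and is not the code from app-nks.c: whether oldpinlen + newpinlen bytes suffice depends on whether the joined buffer is handed on with an explicit length or treated as a NUL-terminated string. The function names and the sample PINs are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not GnuPG code): bytes needed to hold both PINs,
   plus `extra` (1 for a terminating NUL, else 0). 0 means "would wrap". */
static size_t joined_size(size_t oldlen, size_t newlen, size_t extra)
{
    if (oldlen > SIZE_MAX - newlen || oldlen + newlen > SIZE_MAX - extra)
        return 0;
    return oldlen + newlen + extra;
}

/* Raw form: the consumer is handed *outlen, so no terminator is stored
   and oldlen + newlen bytes is the exact size. */
static unsigned char *join_raw(const char *oldpin, size_t oldlen,
                               const char *newpin, size_t newlen, size_t *outlen)
{
    size_t n = joined_size(oldlen, newlen, 0);
    unsigned char *buf = n ? malloc(n) : NULL;
    if (!buf) return NULL;
    memcpy(buf, oldpin, oldlen);
    memcpy(buf + oldlen, newpin, newlen);
    *outlen = n;
    return buf;
}

/* String form: any later strlen()/strcat() needs one more byte for NUL. */
static char *join_cstr(const char *oldpin, size_t oldlen,
                       const char *newpin, size_t newlen)
{
    size_t n = joined_size(oldlen, newlen, 1);
    char *buf = n ? malloc(n) : NULL;
    if (!buf) return NULL;
    memcpy(buf, oldpin, oldlen);
    memcpy(buf + oldlen, newpin, newlen);
    buf[n - 1] = '\0';
    return buf;
}

int main(void)
{
    size_t len = 0; /* the PINs below are constructed sample values */
    unsigned char *raw = join_raw("123456", 6, "654321", 6, &len);
    char *str = join_cstr("123456", 6, "654321", 6);
    printf("raw: %zu bytes, string: %zu bytes\n", len, str ? strlen(str) + 1 : 0);
    free(raw); free(str);
    return 0;
}
```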


