[Pkg-gnupg-maint] Bug#773502: off-by-one memory assignment

Joshua Rogers honey at internot.info
Fri Dec 19 08:47:57 UTC 2014

Previous message: [Pkg-gnupg-maint] Bug#773499: singleton used as array
Next message: [Pkg-gnupg-maint] Bug#773507: explicit buffer overrun
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Package: gnupg2
Version: 2.1.1
Severity: normal

in app-nks.c on line 1242, data is assigned the memory of 'datalen', which is calculated using oldpinlen + newpinlen.
The problem is, it doesn't account for the terminating null byte, so it should be datalen + 1(or, +2?, will need to check.)

Thanks

-- 
-- Joshua Rogers <https://internot.info/>

Previous message: [Pkg-gnupg-maint] Bug#773499: singleton used as array
Next message: [Pkg-gnupg-maint] Bug#773507: explicit buffer overrun
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Pkg-gnupg-maint mailing list