[Pkg-gnupg-maint] Bug#773502: Bug#773502: off-by-one memory assignment
NIIBE Yutaka
gniibe at fsij.org
Wed Jan 7 00:44:50 UTC 2015
On 12/19/2014 05:47 PM, Joshua Rogers wrote:
> Package: gnupg2
> Version: 2.1.1
> Severity: normal
>
> in app-nks.c on line 1242, data is assigned the memory of 'datalen',
> which is calculated using oldpinlen + newpinlen.
> The problem is, it doesn't account for the terminating null byte, so
> it should be datalen + 1(or, +2?, will need to check.)
Thank you for your report. But, I think that the code is correct.
There is no terminating null byte for 'data'.
This kind of usage is common in ISO 7816 format.
Somehow (slightly) related, I wrote an article for OpenPGPcard
specification:
CHANGE REFERENCE DATA (OpenPGP card specification 2.0):
http://www.gniibe.org/log/bugreport/gnupg/openpgp-card-spec-2.0-chenge-reference-data.html
--
More information about the Pkg-gnupg-maint
mailing list