Skip to content

Commit

Permalink
Validate the buffer size when calculating PGP packet size
Browse files Browse the repository at this point in the history
Check that the buffer can actually hold the computed number of bytes.

Initial patch by Demi Marie Obenour.
  • Loading branch information
pmatilai committed Jun 15, 2021
1 parent d07c6ce commit 201e383
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions rpmio/rpmpgp.c
Original file line number Diff line number Diff line change
Expand Up @@ -314,6 +314,9 @@ size_t pgpLen(const uint8_t *s, size_t slen, size_t * lenp)
dlen = pgpGrab(s+1, 4);
}

if (slen - lenlen < dlen)
lenlen = 0;

if (lenlen)
*lenp = dlen;

Expand Down

0 comments on commit 201e383

Please sign in to comment.