diff options
| author | Werner Koch <wk@gnupg.org> | 2015-02-11 10:27:57 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2015-02-11 10:28:25 +0100 |
| commit | 2183683bd633818dd031b090b5530951de76f392 (patch) | |
| tree | af283f4f329a140b76df6f7e83dce7ebb07aabb8 /dirmngr/ldap.c | |
| parent | gpg: Prevent an invalid memory read using a garbled keyring. (diff) | |
| download | gnupg2-2183683bd633818dd031b090b5530951de76f392.tar.xz gnupg2-2183683bd633818dd031b090b5530951de76f392.zip | |
Use inline functions to convert buffer data to scalars.
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--
Commit 91b826a38880fd8a989318585eb502582636ddd8 was not enough to
avoid all sign extension on shift problems. Hanno Böck found a case
with an invalid read due to this problem. To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'dirmngr/ldap.c')
| -rw-r--r-- | dirmngr/ldap.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c index 00df167e2..c59619897 100644 --- a/dirmngr/ldap.c +++ b/dirmngr/ldap.c @@ -36,6 +36,7 @@ #include "ldapserver.h" #include "misc.h" #include "ldap-wrapper.h" +#include "host2net.h" #define UNENCODED_URL_CHARS "abcdefghijklmnopqrstuvwxyz" \ @@ -664,7 +665,7 @@ fetch_next_cert_ldap (cert_fetch_context_t context, gpg_error_t err; unsigned char hdr[5]; char *p, *pend; - int n; + unsigned long n; int okay = 0; /* int is_cms = 0; */ @@ -677,7 +678,7 @@ fetch_next_cert_ldap (cert_fetch_context_t context, err = read_buffer (context->reader, hdr, 5); if (err) break; - n = (hdr[1] << 24)|(hdr[2]<<16)|(hdr[3]<<8)|hdr[4]; + n = buf32_to_ulong (hdr+1); if (*hdr == 'V' && okay) { #if 0 /* That code is not yet ready. */ |