g10: Fix out-of-bounds read.

* g10/armor.c (use_armor_filter): We need two bytes for 'is_armored'. Signed-off-by: Justus Winter <justus@g10code.com>
author: Justus Winter <justus@g10code.com> 2016-07-05 12:38:15 +0200
committer: Justus Winter <justus@g10code.com> 2016-07-05 12:38:15 +0200
commit: a6b87981f7ddef42b25703723162c647e312b125 (patch)
tree: 9dc815cd4112bae0742ac57caaa8091c81fb9b41 /g10/armor.c
parent: wks: Add command --read to gpg-wks-client. (diff)
download: gnupg2-a6b87981f7ddef42b25703723162c647e312b125.tar.xz
gnupg2-a6b87981f7ddef42b25703723162c647e312b125.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/g10/armor.c b/g10/armor.c
index fb7465595..e4503b8b4 100644
--- a/g10/armor.c
+++ b/g10/armor.c
@@ -274,15 +274,17 @@ is_armored( const byte *buf )
 int
 use_armor_filter( IOBUF a )
 {
-    byte buf[1];
+    byte buf[2];
     int n;
 
     /* fixme: there might be a problem with iobuf_peek */
-    n = iobuf_peek(a, buf, 1 );
+    n = iobuf_peek (a, buf, 2);
     if( n == -1 )
 	return 0; /* EOF, doesn't matter whether armored or not */
     if( !n )
 	return 1; /* can't check it: try armored */
+    if (n != 2)
+	return 0; /* short buffer */
     return is_armored(buf);
 }
author	Justus Winter <justus@g10code.com>	2016-07-05 12:38:15 +0200
committer	Justus Winter <justus@g10code.com>	2016-07-05 12:38:15 +0200
commit	a6b87981f7ddef42b25703723162c647e312b125 (patch)
tree	9dc815cd4112bae0742ac57caaa8091c81fb9b41 /g10/armor.c
parent	wks: Add command --read to gpg-wks-client. (diff)
download	gnupg2-a6b87981f7ddef42b25703723162c647e312b125.tar.xz gnupg2-a6b87981f7ddef42b25703723162c647e312b125.zip