gpg: Fix export of ecc secret keys by adjusting check ordering.

* g10/export.c (transfer_format_to_openpgp): Move the check against PUBKEY_MAX_NSKEY to after the ECC code adjusts the number of parameters.
author: Kyle Butt <kylebutt@gmail.com> 2014-08-26 23:11:47 +0200
committer: Werner Koch <wk@gnupg.org> 2014-09-01 10:20:17 +0200
commit: 4054d86abcb7ad953ed9e988b1765cb9266faefd (patch)
tree: 49ea8dafaa56f4fd49b6024a004cbac6348a7c96 /g10
parent: agent: Allow key unprotection using AES-256. (diff)
download: gnupg2-4054d86abcb7ad953ed9e988b1765cb9266faefd.tar.xz
gnupg2-4054d86abcb7ad953ed9e988b1765cb9266faefd.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/g10/export.c b/g10/export.c
index 6a921c192..b4f1a2e4d 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -462,7 +462,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
   xfree (string); string = NULL;
   if (gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &npkey)
       || gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &nskey)
-      || !npkey || npkey >= nskey || nskey > PUBKEY_MAX_NSKEY)
+      || !npkey || npkey >= nskey)
     goto bad_seckey;
 
   /* Check that the pubkey algo matches the one from the public key.  */
@@ -503,6 +503,10 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
       goto leave;
     }
 
+  /* This check has to go after the ecc adjustments. */
+  if (nskey > PUBKEY_MAX_NSKEY)
+    goto bad_seckey;
+
   /* Parse the key parameters.  */
   gcry_sexp_release (list);
   list = gcry_sexp_find_token (top_list, "skey", 0);
author	Kyle Butt <kylebutt@gmail.com>	2014-08-26 23:11:47 +0200
committer	Werner Koch <wk@gnupg.org>	2014-09-01 10:20:17 +0200
commit	4054d86abcb7ad953ed9e988b1765cb9266faefd (patch)
tree	49ea8dafaa56f4fd49b6024a004cbac6348a7c96 /g10
parent	agent: Allow key unprotection using AES-256. (diff)
download	gnupg2-4054d86abcb7ad953ed9e988b1765cb9266faefd.tar.xz gnupg2-4054d86abcb7ad953ed9e988b1765cb9266faefd.zip