author | Werner Koch <wk@gnupg.org> | 2016-12-08 17:03:26 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2016-12-08 17:03:26 +0100 |
commit | a75790b74095828f967c012eff7033f570d93077 (patch) | |
tree | 6832175864a9c2b8175cd8be828dcb52b9b544b7 /g10 | |
parent | wks: New option --check for gpg-wks-client. (diff) | |
gpg: Fix the fix out-of-bounds access.
* g10/tofu.c (build_conflict_set): Revert to int* and fix calloc.
--
The original code used an int array and thus better keep that and do
not limit it to 128 entries.
Fixes-commit: c3008bffac68b6f31e9ae9bad837cdce5de7c0db
Fixes-commit: 3b5b94ceab7c0ed9501c5cf54b4efa17fcd7300a
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'g10')
-rw-r--r-- | g10/tofu.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/g10/tofu.c b/g10/tofu.c index abf1ab42d..d15b25f4f 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2227,10 +2227,10 @@ build_conflict_set (tofu_dbs_t dbs, int j; strlist_t *prevp; strlist_t iter_next; - char *die; + int *die; log_assert (conflict_set_count > 0); - die = xtrycalloc (1, conflict_set_count); + die = xtrycalloc (conflict_set_count, sizeof *die); if (!die) { /*err = gpg_error_from_syserror ();*/ |
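Review bot: in the `if (!die)` branch directly after the new `xtrycalloc (conflict_set_count, sizeof *die)` call, the only visible statement is the commented-out `/*err = gpg_error_from_syserror ();*/`, so this hunk does not show how an allocation failure in build_conflict_set reaches the caller. Since the allocation line is being changed anyway, either restore the error assignment or add a comment there saying why the failure is deliberately not reported. The allocation itself reads correctly now: the element count and `sizeof *die` are passed as separate arguments, so the buffer size follows the declared type of `die` if that type changes again, and the `log_assert (conflict_set_count > 0)` above rules out a zero-element request. The commit message says the array should stay `int` and not be limited to 128 entries; a short comment at the `int *die;` declaration stating what the elements hold would keep a later cleanup from narrowing the type back to `char`.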