kbx: Fix possible segv in kbxdump.

* kbx/keybox-dump.c (_keybox_dump_blob): Check length before get32. Signed-off-by: Werner Koch <wk@gnupg.org>
author: Werner Koch <wk@gnupg.org> 2013-11-15 08:36:39 +0100
committer: Werner Koch <wk@gnupg.org> 2013-11-15 09:01:11 +0100
commit: 9ae48b173c93f4747a9826beb1fbd023c4362c22 (patch)
tree: a9b7abdb827b7849e0016ce5761c89d24987a6db /kbx
parent: Require Libgcrypt 1.6 (diff)
download: gnupg2-9ae48b173c93f4747a9826beb1fbd023c4362c22.tar.xz
gnupg2-9ae48b173c93f4747a9826beb1fbd023c4362c22.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/kbx/keybox-dump.c b/kbx/keybox-dump.c
index c397f9c81..1af6a9cba 100644
--- a/kbx/keybox-dump.c
+++ b/kbx/keybox-dump.c
@@ -402,7 +402,7 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
   n = get32 (p ); p += 4;
   fprintf (fp, "Reserved-Space: %lu\n", n );
 
-  if (unhashed >= 24)
+  if (n >= 4 && unhashed >= 24)
     {
       n = get32 ( buffer + length - unhashed);
       fprintf (fp, "Storage-Flags: %08lx\n", n );
author	Werner Koch <wk@gnupg.org>	2013-11-15 08:36:39 +0100
committer	Werner Koch <wk@gnupg.org>	2013-11-15 09:01:11 +0100
commit	9ae48b173c93f4747a9826beb1fbd023c4362c22 (patch)
tree	a9b7abdb827b7849e0016ce5761c89d24987a6db /kbx
parent	Require Libgcrypt 1.6 (diff)
download	gnupg2-9ae48b173c93f4747a9826beb1fbd023c4362c22.tar.xz gnupg2-9ae48b173c93f4747a9826beb1fbd023c4362c22.zip