Overview

File gnutls-out-of-bound-read-in-OpenPGP-certificate-parsing.patch of Package gnutls.5070

commit 0831b3687a8485525ee013c06a520b821e23b7b9
Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Wed Mar 8 14:52:38 2017 -0500

    Do not attempt to parse a 32-bit integer if a packet is not 4 bytes.
    
        This addresses:
          https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=737
    
    Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>

commit 63b13c09ddd21cc886ee14a0f48cc74a810f0abf
Author: Alex Gaynor <alex.gaynor@gmail.com>
Date:   Sat Mar 11 10:28:50 2017 -0500

    Do not attempt to parse a 32-bit integer if a packet is not 4 bytes.
    
    This addresses:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=824
    
    Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>


diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c
index 64eebf0..c5e6ff5 100644
--- a/lib/opencdk/keydb.c
+++ b/lib/opencdk/keydb.c
@@ -1580,7 +1580,7 @@ keydb_parse_allsigs(cdk_kbnode_t knode, cdk_keydb_hd_t hd, int check)
 							    signature->
 							    hashed,
 							    CDK_SIGSUBPKT_KEY_EXPIRE);
-					if (s) {
+					if (s && s->size == 4) {
 						expiredate =
 						    _cdk_buftou32(s->d);
 						pk->expiredate =
@@ -1611,7 +1611,7 @@ keydb_parse_allsigs(cdk_kbnode_t knode, cdk_keydb_hd_t hd, int check)
 							    signature->
 							    hashed,
 							    CDK_SIGSUBPKT_KEY_EXPIRE);
-					if (s) {
+					if (s && s->size == 4) {
 						expiredate =
 						    _cdk_buftou32(s->d);
 						pk->expiredate =
openSUSE Build Service is sponsored by
Places