github-mirrors/php-gnupg
1
0
Fork 0
mirror of https://github.com/php-gnupg/php-gnupg.git synced 2026-01-11 19:09:35 +00:00
Code Issues Projects Releases Packages Activity

Add extra check for uid_hint to make sure it never overflows

Browse source
This commit is contained in:
Jakub Zelenka 2025-04-08 11:17:28 +02:00
parent 312655c7ce
commit c839aa56e1
No known key found for this signature in database
GPG key ID: 1C0779DC5C0A9DE4
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
gnupg.c
View file

@ -692,10 +692,10 @@ gpgme_error_t passphrase_cb(
GNUPG_ERR("Incorrent passphrase");
return 1;
}
for (idx=0; idx < 16; idx++) {
for (idx=0; idx < 16 && uid_hint[idx] != '\0'; idx++) {
uid[idx] = uid_hint[idx];
}
uid[16] = '\0';
uid[idx] = '\0';
if (!PHPC_HASH_CSTR_FIND_PTR_IN_COND(
PHPC_THIS->signkeys, (char *)uid, passphrase)) {
GNUPG_ERR("no passphrase set");
@ -736,10 +736,10 @@ gpgme_error_t passphrase_decrypt_cb (
GNUPG_ERR("No user ID hint");
return 1;
}
for (idx=0; idx < 16; idx++) {
for (idx=0; idx < 16 && uid_hint[idx] != '\0'; idx++) {
uid[idx] = uid_hint[idx];
}
uid[16] = '\0';
uid[idx] = '\0';
if (!PHPC_HASH_CSTR_FIND_PTR_IN_COND(
PHPC_THIS->decryptkeys, (char *)uid, passphrase)) {
GNUPG_ERR("no passphrase set");