github-mirrors/php-gnupg
1
0
Fork 0
mirror of https://github.com/php-gnupg/php-gnupg.git synced 2026-02-04 05:11:34 +00:00
Code Issues Projects Releases Packages Activity

Add extra check for uid_hint to make sure it never overflows

Browse source
This commit is contained in:
Jakub Zelenka 2025-04-08 11:17:28 +02:00
parent 312655c7ce
commit c839aa56e1
No known key found for this signature in database
GPG key ID: 1C0779DC5C0A9DE4
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
gnupg.c
View file

@ -692,10 +692,10 @@ gpgme_error_t passphrase_cb(
GNUPG_ERR("Incorrent passphrase"); GNUPG_ERR("Incorrent passphrase");
return 1; return 1;
} }
for (idx=0; idx < 16; idx++) { for (idx=0; idx < 16 && uid_hint[idx] != '\0'; idx++) {
uid[idx] = uid_hint[idx]; uid[idx] = uid_hint[idx];
} }
uid[16] = '\0'; uid[idx] = '\0';
if (!PHPC_HASH_CSTR_FIND_PTR_IN_COND( if (!PHPC_HASH_CSTR_FIND_PTR_IN_COND(
PHPC_THIS->signkeys, (char *)uid, passphrase)) { PHPC_THIS->signkeys, (char *)uid, passphrase)) {
GNUPG_ERR("no passphrase set"); GNUPG_ERR("no passphrase set");
@ -736,10 +736,10 @@ gpgme_error_t passphrase_decrypt_cb (
GNUPG_ERR("No user ID hint"); GNUPG_ERR("No user ID hint");
return 1; return 1;
} }
for (idx=0; idx < 16; idx++) { for (idx=0; idx < 16 && uid_hint[idx] != '\0'; idx++) {
uid[idx] = uid_hint[idx]; uid[idx] = uid_hint[idx];
} }
uid[16] = '\0'; uid[idx] = '\0';
if (!PHPC_HASH_CSTR_FIND_PTR_IN_COND( if (!PHPC_HASH_CSTR_FIND_PTR_IN_COND(
PHPC_THIS->decryptkeys, (char *)uid, passphrase)) { PHPC_THIS->decryptkeys, (char *)uid, passphrase)) {
GNUPG_ERR("no passphrase set"); GNUPG_ERR("no passphrase set");