| commit | 146cc9e78f225f610e1293db2c4d52425445382e | |
| author | dshaw <dshaw@8a63c251-dffc-0310-8ec6-d64dca2275b1> | |
| Fri, 9 Jun 2006 19:45:19 +0000 (9 19:45 +0000) | ||
| committer | dshaw <dshaw@8a63c251-dffc-0310-8ec6-d64dca2275b1> | |
| Fri, 9 Jun 2006 19:45:19 +0000 (9 19:45 +0000) | ||
| tree | 27fdf38f51c9ae6e7a4045b6327cbd1fa621ef80 | treesnapshot (tar.gz zip) |
| parent | 557787f229e2e15bd331edc9c6359e7d66400d46 | commitdiff |
* parse-packet.c (parse_user_id): Cap the user ID size at 2048 bytes.
This prevents a memory allocation attack with a very large user ID. A
very large packet length could even cause the allocation (a u32) to wrap
around to a small number. Noted by Evgeny Legerov on full-disclosure.
git-svn-id: svn://cvs.gnupg.org/gnupg/trunk@4157 8a63c251-dffc-0310-8ec6-d64dca2275b1
This prevents a memory allocation attack with a very large user ID. A
very large packet length could even cause the allocation (a u32) to wrap
around to a small number. Noted by Evgeny Legerov on full-disclosure.
git-svn-id: svn://cvs.gnupg.org/gnupg/trunk@4157 8a63c251-dffc-0310-8ec6-d64dca2275b1
| g10/ChangeLog | diffblobblamehistory | |
| g10/parse-packet.c | diffblobblamehistory |