[tor-commits] [tor/master] Check key_len in secret_to_key_new()
nickm at torproject.org
nickm at torproject.org
Fri Sep 26 13:09:11 UTC 2014
commit 7c52a0555aee23f171870c5d41ce3c0f593c2e57
Author: Nick Mathewson <nickm at torproject.org>
Date: Fri Sep 26 09:06:36 2014 -0400
Check key_len in secret_to_key_new()
This bug shouldn't be reachable so long as secret_to_key_len and
secret_to_key_make_specifier stay in sync, but we might screw up
someday.
Found by coverity; this is CID 1241500
---
src/common/crypto_s2k.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/common/crypto_s2k.c b/src/common/crypto_s2k.c
index 93c96e7..aef8436 100644
--- a/src/common/crypto_s2k.c
+++ b/src/common/crypto_s2k.c
@@ -392,6 +392,9 @@ secret_to_key_new(uint8_t *buf,
type = buf[0];
key_len = secret_to_key_key_len(type);
+ if (key_len < 0)
+ return key_len;
+
if ((int)buf_len < key_len + spec_len)
return S2K_TRUNCATED;
More information about the tor-commits
mailing list