author | Werner Koch <wk@gnupg.org> | 2019-07-15 09:17:06 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2019-07-15 09:17:06 +0200 |
commit | 1c2cecbb35e1a0760121d76c327651fe7b2b791a (patch) | |
tree | 2ee9396c9a2816274fdebbd3c414bd7689a74946 /src/sexp.c | |
parent | 8a0bde8c211c70756a2d8aa46e1bcf1f6f89e55d (diff) | |
download | libgcrypt-1c2cecbb35e1a0760121d76c327651fe7b2b791a.tar.gz |
sexp: Improve argument checking of sexp parser.
* src/sexp.c (do_vsexp_sscan): Check for bad length in '%b'.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'src/sexp.c')
-rw-r--r-- | src/sexp.c | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -1541,6 +1541,13 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff, ARG_NEXT (alen, int); ARG_NEXT (astr, const char *); + if (alen < 0) + { + *erroff = p - buffer; + err = GPG_ERR_INV_ARG; + goto leave; + } + MAKE_SPACE (alen); if (alen && !_gcry_is_secure (c.sexp->d) |
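Review bot: The added guard ahead of `MAKE_SPACE (alen)` rejects only a negative `alen`; a positive length paired with a NULL `astr` still passes, and so does any length larger than the stored length field can represent. Both concerns depend on code outside this hunk (the copy from `astr` and the width of the length field are not visible here), so confirm them before extending the check, for example to `if (alen < 0 || (alen && !astr))`. A short comment such as `/* The length comes from the caller's varargs; reject negative values before sizing the buffer. */` would record why the check sits ahead of `MAKE_SPACE`. The body of do_vsexp_sscan starts and ends outside the hunk.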