sexp: Improve argument checking of sexp parser.

* src/sexp.c (do_vsexp_sscan): Check for bad length in '%b'. Signed-off-by: Werner Koch <wk@gnupg.org>
author: Werner Koch <wk@gnupg.org> 2019-07-15 09:17:06 +0200
committer: Werner Koch <wk@gnupg.org> 2019-07-15 09:17:06 +0200
commit: 1c2cecbb35e1a0760121d76c327651fe7b2b791a (patch)
tree: 2ee9396c9a2816274fdebbd3c414bd7689a74946 /src/sexp.c
parent: 8a0bde8c211c70756a2d8aa46e1bcf1f6f89e55d (diff)
download: libgcrypt-1c2cecbb35e1a0760121d76c327651fe7b2b791a.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/src/sexp.c b/src/sexp.c
index a04ff3fd..57d77d29 100644
--- a/src/sexp.c
+++ b/src/sexp.c
@@ -1541,6 +1541,13 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
 	      ARG_NEXT (alen, int);
 	      ARG_NEXT (astr, const char *);
 
+              if (alen < 0)
+                {
+                  *erroff = p - buffer;
+		  err = GPG_ERR_INV_ARG;
+                  goto leave;
+                }
+
 	      MAKE_SPACE (alen);
 	      if (alen
                   && !_gcry_is_secure (c.sexp->d)
author	Werner Koch <wk@gnupg.org>	2019-07-15 09:17:06 +0200
committer	Werner Koch <wk@gnupg.org>	2019-07-15 09:17:06 +0200
commit	1c2cecbb35e1a0760121d76c327651fe7b2b791a (patch)
tree	2ee9396c9a2816274fdebbd3c414bd7689a74946 /src/sexp.c
parent	8a0bde8c211c70756a2d8aa46e1bcf1f6f89e55d (diff)
download	libgcrypt-1c2cecbb35e1a0760121d76c327651fe7b2b791a.tar.gz