diff options
author | Demi Marie Obenour <demi@invisiblethingslab.com> | 2021-06-22 09:19:45 -0400 |
---|---|---|
committer | Panu Matilainen <pmatilai@redhat.com> | 2021-11-01 12:11:31 +0200 |
commit | c5add3a9d29085694db2312dc09d28cc25c83947 (patch) | |
tree | bc6db0cac5864339b20609618d57cb935a937ff2 /rpmio/rpmpgp.c | |
parent | 02ea760cac5e2f9485c343245ff740f751d2c792 (diff) | |
download | rpm-c5add3a9d29085694db2312dc09d28cc25c83947.tar.gz |
Clean up a bounds check in the PGP code
The new code is easier to read and avoids pointer arithmetics.
Diffstat (limited to 'rpmio/rpmpgp.c')
-rw-r--r-- | rpmio/rpmpgp.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c index 9d4f0b662..bfb025b7d 100644 --- a/rpmio/rpmpgp.c +++ b/rpmio/rpmpgp.c @@ -745,8 +745,8 @@ static int pgpPrtPubkeyParams(uint8_t pubkey_algo, const uint8_t *pend = h + hlen; int curve = 0; if (pubkey_algo == PGPPUBKEYALGO_EDDSA) { - int len = p + 1 < pend ? p[0] : 0; - if (len == 0 || len == 0xff || p + 1 + len > pend) + int len = (hlen > 1) ? p[0] : 0; + if (len == 0 || len == 0xff || len >= hlen) goto exit; curve = pgpCurveByOid(p + 1, len); p += len + 1; |