Clean up a bounds check in the PGP code

The new code is easier to read and avoids pointer arithmetics.
author: Demi Marie Obenour <demi@invisiblethingslab.com> 2021-06-22 09:19:45 -0400
committer: Panu Matilainen <pmatilai@redhat.com> 2021-11-01 12:11:31 +0200
commit: c5add3a9d29085694db2312dc09d28cc25c83947 (patch)
tree: bc6db0cac5864339b20609618d57cb935a937ff2 /rpmio/rpmpgp.c
parent: 02ea760cac5e2f9485c343245ff740f751d2c792 (diff)
download: rpm-c5add3a9d29085694db2312dc09d28cc25c83947.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
index 9d4f0b662..bfb025b7d 100644
--- a/rpmio/rpmpgp.c
+++ b/rpmio/rpmpgp.c
@@ -745,8 +745,8 @@ static int pgpPrtPubkeyParams(uint8_t pubkey_algo,
     const uint8_t *pend = h + hlen;
     int curve = 0;
     if (pubkey_algo == PGPPUBKEYALGO_EDDSA) {
-	int len = p + 1 < pend ? p[0] : 0;
-	if (len == 0 || len == 0xff || p + 1 + len > pend)
+	int len = (hlen > 1) ? p[0] : 0;
+	if (len == 0 || len == 0xff || len >= hlen)
 	    goto exit;
 	curve = pgpCurveByOid(p + 1, len);
 	p += len + 1;
author	Demi Marie Obenour <demi@invisiblethingslab.com>	2021-06-22 09:19:45 -0400
committer	Panu Matilainen <pmatilai@redhat.com>	2021-11-01 12:11:31 +0200
commit	c5add3a9d29085694db2312dc09d28cc25c83947 (patch)
tree	bc6db0cac5864339b20609618d57cb935a937ff2 /rpmio/rpmpgp.c
parent	02ea760cac5e2f9485c343245ff740f751d2c792 (diff)
download	rpm-c5add3a9d29085694db2312dc09d28cc25c83947.tar.gz