From: Jonathan McDowell Date: Mon, 22 Aug 2016 16:30:14 +0000 (+0100) Subject: Prevent sign extension when parsing large packet sizes X-Git-Tag: onak-0.5.0~6 X-Git-Url: https://the.earth.li/gitweb/?a=commitdiff_plain;h=a75148cf51de7fe9112f5ba260e62828d5297979;p=onak.git Prevent sign extension when parsing large packet sizes A 2GB+ packet is likely to be a mistake, but in the event it was legitimate sign extension could result in a much larger amount of memory being allocated (and probably failing). Fix this by trying to ensure we're doing an unsigned left shift. --- diff --git a/parsekey.c b/parsekey.c index ed61e24..6255ab8 100644 --- a/parsekey.c +++ b/parsekey.c @@ -308,7 +308,7 @@ onak_status_t read_openpgp_stream(int (*getchar_func)(void *ctx, size_t count, break; } curpacket->packet->length = - (curchar << 24); + ((unsigned) curchar << 24); if (getchar_func(ctx, 1, &curchar)) { rc = ONAK_E_INVALID_PKT; break;