diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-09-26 09:06:36 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-09-26 09:06:36 -0400 |
| commit | 7c52a0555aee23f171870c5d41ce3c0f593c2e57 (patch) | |
| tree | 202c47a552bbbd30f853267e0a382cd5dbf18c39 /src/common/crypto_s2k.c | |
| parent | 801f4d438460cd6eb0190fc18161ad499a95bc9b (diff) | |
| download | tor-7c52a0555aee23f171870c5d41ce3c0f593c2e57.tar.gz tor-7c52a0555aee23f171870c5d41ce3c0f593c2e57.zip | |
Check key_len in secret_to_key_new()
This bug shouldn't be reachable so long as secret_to_key_len and
secret_to_key_make_specifier stay in sync, but we might screw up
someday.
Found by coverity; this is CID 1241500
Diffstat (limited to 'src/common/crypto_s2k.c')
| -rw-r--r-- | src/common/crypto_s2k.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/common/crypto_s2k.c b/src/common/crypto_s2k.c index 93c96e74ae..aef8436ad9 100644 --- a/src/common/crypto_s2k.c +++ b/src/common/crypto_s2k.c @@ -392,6 +392,9 @@ secret_to_key_new(uint8_t *buf, type = buf[0]; key_len = secret_to_key_key_len(type); + if (key_len < 0) + return key_len; + if ((int)buf_len < key_len + spec_len) return S2K_TRUNCATED; |