From 2c19810e375cb4c1abb95046d2742b609a1fff5f Mon Sep 17 00:00:00 2001
From: csoler
Date: Mon, 23 Dec 2013 12:59:34 +0000
Subject: [PATCH] patch from HM to avoid allocating absurdly long uids
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6958 b45a01b8-16f6-495d-af2f-9b41ad6348cc
---
 openpgpsdk/src/openpgpsdk/packet-parse.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/openpgpsdk/src/openpgpsdk/packet-parse.c b/openpgpsdk/src/openpgpsdk/packet-parse.c
index 4d8120e2a..bdc2b478f 100644
--- a/openpgpsdk/src/openpgpsdk/packet-parse.c
+++ b/openpgpsdk/src/openpgpsdk/packet-parse.c
@@ -1296,15 +1296,26 @@ static int parse_user_id(ops_region_t *region,ops_parse_info_t *pinfo)
 if(!(region->length_read == 0)) // ASSERT(region->length_read == 0) /* We should not have read anything so far */
 {
- fprintf(stderr,"parse_user_id: region read size should be 0. Corrupted data ?") ;
+ fprintf(stderr,"parse_user_id: region read size should be 0. Corrupted data ?\n") ;
 return 0 ;
 }
- C.user_id.user_id=malloc(region->length+1); /* XXX should we not like check malloc's return value? */
+ /* From gnupg parse-packet.c:
+ Cap the size of a user ID at 2k: a value absurdly large enough
+ that there is no sane user ID string (which is printable text
+ as of RFC2440bis) that won't fit in it, but yet small enough to
+ avoid allocation problems. */
+
+ if(region->length > 2048)
+ {
+ fprintf(stderr,"parse_user_id(): invalid region length (%u)\n",region->length);
+ return 0;
+ }
+ C.user_id.user_id=malloc(region->length +1); /* XXX should we not like check malloc's return value? */
 if(C.user_id.user_id==NULL)
 {
- fprintf(stderr,"malloc failed in parse_user_id") ;
+ fprintf(stderr,"malloc failed in parse_user_id\n") ;
 return 0 ;
 }
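Review bot: The new bound in `if(region->length > 2048)` is a bare literal sitting next to the `malloc(region->length +1)` it protects; a named constant would keep the limit in one auditable place, e.g. `#define OPS_MAX_USER_ID_LENGTH 2048` (the name is only a suggestion) used in the comparison. The `/* XXX should we not like check malloc's return value? */` comment carried onto the new malloc line is stale, because the NULL check follows directly, and could be dropped. The `%u` in the added fprintf assumes `region->length` is an `unsigned int`; its declaration is outside the hunk, so that is worth confirming. parse_user_id starts and ends outside this hunk, so whether the read that follows stays within the `+1` byte and NUL-terminates the buffer cannot be checked from here.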