[PATCH] cipher:pk:sexp: Remove bogus checks in SEXP parsing.
Jacob Bachmeyer
jcb62281 at gmail.com
Wed Jun 18 05:27:11 CEST 2025
On 6/17/25 21:20, Collin Funk wrote:
> Jacob Bachmeyer via Gcrypt-devel <gcrypt-devel at gnupg.org> writes:
>
>> NACK! NACK! NACK!
>>
>> Those are checks for integer overflow. (They may even be correct if
>> VALUELEN is unsigned.)
>>
>> If VALUELEN is a signed type, they are undefined behavior and need to
>> be fixed, not removed.
> It is a size_t so it is unsigned.
Then the checks are correct as written.
> But it looks harmless to remove to me. The call to 'malloc' in
> '_gcry_sexp_nth_buffer' will fail before VALUELEN overflows.
I advocate for defense-in-depth, especially in software as
security-critical as GPG. Nor are these expensive checks: one
multiplication and one comparison are very cheap compared to public key
operations.
-- Jacob
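As an added illustration of the kind of guard under discussion (example code written for this page, not libgcrypt's own sexp.c, whose checks the thread does not quote): a minimal parser for the decimal length prefix of a canonical S-expression token ("42:..." means 42 data bytes follow), accumulating into an unsigned size_t. Because the type is unsigned, the multiply-and-add never invokes undefined behaviour; it wraps, and the guard is what turns that wrap into a parse error. The `checked` switch exists only so the wrapped value can be observed side by side with the rejection. The token format, the function name and the struct are assumptions for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of parsing one "<decimal-length>:" prefix. */
struct sexp_len {
    int    ok;        /* 1 on success; 0 on malformed input or (checked mode) overflow */
    size_t value;     /* the parsed length */
    size_t consumed;  /* bytes consumed from the buffer, including the ':' */
};

/*
 * Parse the decimal length prefix of a canonical S-expression token.
 * The length is accumulated in a size_t, an unsigned type, so n*10+d is
 * well-defined for every input: it wraps modulo SIZE_MAX+1 rather than
 * overflowing in the undefined-behaviour sense.
 *
 * With CHECKED != 0 the accumulation refuses any digit string whose value
 * would not fit in size_t.  With CHECKED == 0 it behaves like a parser
 * whose overflow guard has been removed, so the wrapped value can be seen.
 */
struct sexp_len sexp_parse_length(const char *buf, size_t buflen, int checked)
{
    struct sexp_len r = { 0, 0, 0 };
    size_t i = 0, n = 0;

    /* At least one digit is required. */
    if (buflen == 0 || buf[0] < '0' || buf[0] > '9')
        return r;

    while (i < buflen && buf[i] >= '0' && buf[i] <= '9') {
        size_t d = (size_t)(buf[i] - '0');

        /* n*10 + d exceeds SIZE_MAX exactly when n > (SIZE_MAX - d) / 10.
         * One division and one comparison per digit is all the guard costs,
         * negligible next to any public-key operation on the parsed data. */
        if (checked && n > (SIZE_MAX - d) / 10)
            return r;   /* r.ok == 0: report overflow instead of wrapping */

        n = n * 10 + d;
        i++;
    }

    /* The digit run must be terminated by ':'. */
    if (i >= buflen || buf[i] != ':')
        return r;

    r.ok = 1;
    r.value = n;
    r.consumed = i + 1;
    return r;
}

/* Stand-alone demonstration: the same crafted prefix, with and without the guard. */
int main(void)
{
    /* Constructed inputs: a benign token, and one whose stated length is
     * 2^64 = 18446744073709551616, i.e. SIZE_MAX+1 on 64-bit targets. */
    const char good[] = "42:hello";
    const char huge[] = "18446744073709551616:";

    struct sexp_len a = sexp_parse_length(good, sizeof good - 1, 1);
    struct sexp_len b = sexp_parse_length(huge, sizeof huge - 1, 1);
    struct sexp_len c = sexp_parse_length(huge, sizeof huge - 1, 0);

    printf("checked   \"%s\" -> ok=%d value=%zu\n", good, a.ok, a.value);
    printf("checked   \"%s\" -> ok=%d (overflow rejected)\n", huge, b.ok);
    printf("unchecked \"%s\" -> ok=%d value=%zu (wrapped)\n", huge, c.ok, c.value);
    return 0;
}
```

On a 64-bit target the unchecked parse of the second input yields a length of 0: the wrapped value is small, so an allocation or bounds check sized from it would pass rather than fail. Whether the checks removed by the patch guard this particular computation cannot be seen from the thread; the example only shows what an unsigned overflow guard of this shape does and does not cost.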