[PATCH 3/4] ssh: update certificate support
Jacob Bachmeyer
jcb62281 at gmail.com
Wed Mar 17 23:39:26 CET 2021
Igor Okulist via Gnupg-devel wrote:
> [...]
> @@ -1304,8 +1304,6 @@ agent_public_key_from_file (ctrl_t ctrl,
> s_skey = NULL;
>
>
> - // TODO: the following FIXME is so true -- following code is
> - // prone to buffer overrun
> /* FIXME: The following thing is pretty ugly code; we should
> investigate how to make it cleaner. Probably code to handle
> canonical S-expressions in a memory buffer is better suited for
> @@ -1314,7 +1312,7 @@ agent_public_key_from_file (ctrl_t ctrl,
> them. */
> assert (sizeof (size_t) <= sizeof (void*));
>
> - format = xtrymalloc (15+4+7*npkey+10+15+1+1+5+4096);
> + format = xtrymalloc (15+4+7*npkey+10+15+1+1+5+10);
> if (!format)
> {
> err = gpg_error_from_syserror ();
>
Are you sure about this? Removing a comment that warns of possible
buffer overruns that need to be addressed without (as far as I can tell)
actually addressing the possible issue while also *reducing* the size of
an allocated buffer strikes me as odd.
-- Jacob
More information about the Gnupg-devel
mailing list