Avoid unsafe integer signedness conversions when loading key file

Andrew Ayer
2014-07-02 22:08:45 -07:00
parent 3511033f7f
commit 4af0a0cfc1
2 changed files with 12 additions and 3 deletions

12
key.cpp

@@ -91,8 +91,11 @@ void Key_file::Entry::load (std::istream& in)
throw Incompatible();
} else {
// unknown non-critical field - safe to ignore
if (field_len > MAX_FIELD_LEN) {
throw Malformed();
}
in.ignore(field_len);
if (in.gcount() != field_len) {
if (in.gcount() != static_cast<std::streamsize>(field_len)) {
throw Malformed();
}
}
@@ -208,7 +211,7 @@ void Key_file::load_header (std::istream& in)
}
std::vector<char> bytes(field_len);
in.read(&bytes[0], field_len);
if (in.gcount() != field_len) {
if (in.gcount() != static_cast<std::streamsize>(field_len)) {
throw Malformed();
}
key_name.assign(&bytes[0], field_len);
@@ -220,8 +223,11 @@ void Key_file::load_header (std::istream& in)
throw Incompatible();
} else {
// unknown non-critical field - safe to ignore
if (field_len > MAX_FIELD_LEN) {
throw Malformed();
}
in.ignore(field_len);
if (in.gcount() != field_len) {
if (in.gcount() != static_cast<std::streamsize>(field_len)) {
throw Malformed();
}
}
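Review bot: The key-name branch of `Key_file::load_header` (second hunk) gets the `static_cast<std::streamsize>(field_len)` comparison but no length guard of its own, while both "unknown non-critical field" branches now reject `field_len > MAX_FIELD_LEN` before using it. In that branch `field_len` sizes `std::vector<char> bytes(field_len)` and is passed to `in.read`, so if the check that closes on the hunk's first context line (its condition is outside the hunk) does not already bound it, a malformed key file decides the allocation size, and the cast can still change the value on a platform whose `std::streamsize` is narrower than the field type. Unless that earlier check covers it, add `if (field_len > MAX_FIELD_LEN) { throw Malformed(); }` ahead of the vector. A zero `field_len` would also reach `&bytes[0]` on an empty vector, which is undefined, so it is worth handling as a separate case. Both functions start and end outside the hunks shown.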


@@ -102,6 +102,9 @@ private:
KEY_FIELD_AES_KEY = 3,
KEY_FIELD_HMAC_KEY = 5
};
enum {
MAX_FIELD_LEN = 1<<20
};
};
enum {