pgp: don't write beyond oid object
fixes Stack-buffer-overflow https://oss-fuzz.com/testcase-detail/6329203163398144
This commit is contained in:
parent
af42a93874
commit
333c41c5d5
|
@ -721,7 +721,7 @@ pgp_parse_algo_attr_blob(const pgp_blob_t *blob, sc_cardctl_openpgp_keygen_info_
|
|||
|
||||
sc_init_oid(&oid);
|
||||
/* Create copy of oid from blob */
|
||||
for (j=0; j < (blob->len-1); j++) {
|
||||
for (j=0; j < (blob->len-1) && j < SC_MAX_OBJECT_ID_OCTETS; j++) {
|
||||
oid.value[j] = blob->data[j+1]; /* ignore first byte of blob (algo ID) */
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue