Check key_len in secret_to_key_new()

This bug shouldn't be reachable so long as secret_to_key_len and secret_to_key_make_specifier stay in sync, but we might screw up someday. Found by coverity; this is CID 1241500
2024-11-10 21:23:58 +01:00 · 2014-09-26 09:06:36 -04:00 · 2014-09-26 09:06:36 -04:00 · 7c52a0555a
commit 7c52a0555a
parent 801f4d4384
1 changed files with 3 additions and 0 deletions
--- a/src/common/crypto_s2k.c
+++ b/src/common/crypto_s2k.c
@ -392,6 +392,9 @@ secret_to_key_new(uint8_t *buf,
  type = buf[0];
  key_len = secret_to_key_key_len(type);

+  if (key_len < 0)
+    return key_len;
+
  if ((int)buf_len < key_len + spec_len)
    return S2K_TRUNCATED;