diff options
Diffstat (limited to 'security/gnupg/patches/patch-ba')
| -rw-r--r-- | security/gnupg/patches/patch-ba | 27 |
1 files changed, 0 insertions, 27 deletions
diff --git a/security/gnupg/patches/patch-ba b/security/gnupg/patches/patch-ba deleted file mode 100644 index 2027b44108c..00000000000 --- a/security/gnupg/patches/patch-ba +++ /dev/null @@ -1,27 +0,0 @@ -$NetBSD: patch-ba,v 1.1 2006/06/24 14:20:29 salo Exp $ - -Security fix for CVE-2006-3082, from GnuPG CVS repository. - ---- g10/parse-packet.c.orig 2005-12-06 14:22:19.000000000 +0100 -+++ g10/parse-packet.c 2006-06-24 16:09:34.000000000 +0200 -@@ -1972,6 +1972,20 @@ - { - byte *p; - -+ /* Cap the size of a user ID at 2k: a value absurdly large enough -+ that there is no sane user ID string (which is printable text -+ as of RFC2440bis) that won't fit in it, but yet small enough to -+ avoid allocation problems. A large pktlen may not be -+ allocatable, and a very large pktlen could actually cause our -+ allocation to wrap around in xmalloc to a small number. */ -+ -+ if(pktlen>2048) -+ { -+ log_error("packet(%d) too large\n", pkttype); -+ iobuf_skip_rest(inp, pktlen, 0); -+ return G10ERR_INVALID_PACKET; -+ } -+ - packet->pkt.user_id = xmalloc_clear(sizeof *packet->pkt.user_id + pktlen); - packet->pkt.user_id->len = pktlen; - packet->pkt.user_id->ref=1; |