diff --git a/src/ChangeLog b/src/ChangeLog
index a06c09837c5fdeede4d268659d1865100d8e0a04..09fae66d03bf2fe28f3bcdcf7f6e596ccfad8c84 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2011-03-30 Larry Jones <lawrence.jones@siemens.com>
+
+ * gpg.c (parse_signature_subpacket): Correct spout->raw memory
+ allocation.
+ (Reported by David Taylor <dtaylor@emc.com>.)
+
 2010-10-21 Larry Jones <lawrence.jones@siemens.com>
 
 * rcs.c (apply_rcs_changes): Correct deltatext position sanity
diff --git a/src/gpg.c b/src/gpg.c
index 6ae98f5e3fbfc96ce4987de77aae6bca9486bb71..f70a705e13e618b0b5befe98513e8b61236ec5a0 100644
--- a/src/gpg.c
+++ b/src/gpg.c
@@ -403,8 +403,8 @@ parse_signature_subpacket (struct buffer *bpin,
 uint32_t splen;
 size_t raw_idx = 0;
 
- /* Enough to store the subpacket length. */
- spout->raw = xmalloc (4);
+ /* Enough to store the subpacket header. */
+ spout->raw = xmalloc (5);
 
 if ((rc = read_u8 (bpin, &c)))
 return rc;
@@ -435,7 +435,7 @@ parse_signature_subpacket (struct buffer *bpin,
 error (1, 0, "Received zero length subpacket in OpenPGP signature.");
 
 /* Allocate enough bytes for the rest of the subpacket. */
- spout->raw = xrealloc (spout->raw, splen);
+ spout->raw = xrealloc (spout->raw, raw_idx + splen);
 
 /* Read the subpacket type. */
 if ((rc = read_u8 (bpin, &c)))
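Review bot: The bare `5` in `spout->raw = xmalloc (5);` is unexplained, and the new comment's "subpacket header" does not say which bytes it covers. Assuming only the length field is stored before the later realloc (RFC 4880 encodes a subpacket length in 1, 2 or 5 octets), I would say so: `/* The longest subpacket length encoding is 5 octets (0xFF marker plus a 4-octet length). */`. A named constant shared with the length-decoding code would keep the two in step. The code that writes at `raw_idx` lies between this hunk and the next and is not shown, so the byte count is inferred rather than visible.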
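Review bot: `raw_idx + splen` in the `xrealloc` call at -435 has no visible overflow or upper-bound check, and `splen` is a `uint32_t` that appears to be decoded from the signature being parsed. Where `size_t` is 32 bits the sum can wrap to a small value, leaving the buffer shorter than the `splen` bytes that are presumably stored in it afterwards. A guard just before the realloc closes that: `if (splen > SIZE_MAX - raw_idx) error (1, 0, "Subpacket length too large in OpenPGP signature.");`. It would also be worth rejecting a `splen` larger than the data remaining in the enclosing subpacket area, if that length is available here. The length decoding and the copy into `spout->raw` are outside the hunk, so both points need confirming against the full function.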