On 12/19/2014 05:47 PM, Joshua Rogers wrote:
> Package: gnupg2
> Version: 2.1.1
> Severity: normal
>
> in app-nks.c on line 1242, data is assigned the memory of 'datalen',
> which is calculated using oldpinlen + newpinlen.
> The problem is, it doesn't account for the terminating null byte, so
> it should be datalen + 1(or, +2?, will need to check.)
Thank you for your report. But, I think that the code is correct.
There is no terminating null byte for 'data'.
This kind of usage is common in ISO 7816 format.
Somehow (slightly) related, I wrote an article for OpenPGPcard
specification:
CHANGE REFERENCE DATA (OpenPGP card specification 2.0):
http://www.gniibe.org/log/bugreport/gnupg/openpgp-card-spec-2.0-chenge-reference-data.html
--
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
