ExternalVendorCode/go-attestation
1
0
Fork 0
mirror of https://github.com/google/go-attestation.git synced 2025-02-21 01:11:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix integer overflow in digest parsing (#211)

Browse Source
This commit is contained in:
Brandon Weeks 2021-04-13 15:57:16 -07:00 committed by GitHub
parent b89180c3eb
commit 31ad4f57fd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
attest/eventlog.go
View File

@ -712,7 +712,7 @@ func parseRawEvent2(r *bytes.Buffer, specID *specIDEvent) (event rawEvent, err e
if alg.ID != algID {
continue
}
if uint16(r.Len()) < alg.Size {
if r.Len() < int(alg.Size) {
return event, fmt.Errorf("reading digest: %v", io.ErrUnexpectedEOF)
}
digest.data = make([]byte, alg.Size)