[gnome-keyring: 6/7] Do not crash when reading a seemingly valid but truncated keyring file



commit 45c20e1d2613b780dc3de7e4614ee37667092fb7
Author: Steve Frécinaux <code istique net>
Date:   Sat Dec 3 18:24:47 2011 +0100

    Do not crash when reading a seemingly valid but truncated keyring file
    
    The binary keyring parsing function used to trust the values written in
    the files a little too much. If for some reason the keyring file has
    been truncated, then a memcpy() was attempted but failed with a segfault
    because the actual file was smaller than its expected size.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=665510

 pkcs11/secret-store/gkm-secret-binary.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)
---
diff --git a/pkcs11/secret-store/gkm-secret-binary.c b/pkcs11/secret-store/gkm-secret-binary.c
index 9f6569e..2769a24 100644
--- a/pkcs11/secret-store/gkm-secret-binary.c
+++ b/pkcs11/secret-store/gkm-secret-binary.c
@@ -921,6 +921,10 @@ gkm_secret_binary_read (GkmSecretCollection *collection, GkmSecretData *sdata,
 	if (crypto_size % 16 != 0)
 		goto bail;
 
+	/* Ensure the file is large enough to hold all the data (in case it got truncated) */
+	if (buffer.len < offset + crypto_size)
+		goto bail;
+
 	/* Copy the data into to_decrypt into non-pageable memory */
 	egg_buffer_set_allocator (&to_decrypt, egg_secure_realloc);
 	egg_buffer_reserve (&to_decrypt, crypto_size);
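
Review bot: The new check `if (buffer.len < offset + crypto_size)` adds the two values before comparing, so a very large crypto_size could wrap the sum and still pass the test. Whether it can wrap depends on the types of offset and crypto_size, which are not visible in this hunk. Per the commit message, the sizes come from the file and should not be trusted. The subtraction form avoids the problem: bail if `offset > buffer.len`, then bail if `crypto_size > buffer.len - offset`. A truncated or crafted keyring file that exercises this path would also make a useful regression test.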


