On 07/01/15 11:44, NIIBE Yutaka wrote: > On 12/19/2014 05:47 PM, Joshua Rogers wrote: >> Package: gnupg2 >> Version: 2.1.1 >> Severity: normal >> >> in app-nks.c on line 1242, data is assigned the memory of 'datalen', >> which is calculated using oldpinlen + newpinlen. >> The problem is, it doesn't account for the terminating null byte, so >> it should be datalen + 1(or, +2?, will need to check.) > Thank you for your report. But, I think that the code is correct. > There is no terminating null byte for 'data'. > > This kind of usage is common in ISO 7816 format. > > Somehow (slightly) related, I wrote an article for OpenPGPcard > specification: > > CHANGE REFERENCE DATA (OpenPGP card specification 2.0): > > http://www.gniibe.org/log/bugreport/gnupg/openpgp-card-spec-2.0-chenge-reference-data.html Sounds good to me. Closing.
-- -- Joshua Rogers <https://internot.info/>
signature.asc
Description: OpenPGP digital signature
