$NetBSD: patch-ba,v 1.1 2006/06/23 12:28:55 shannonjr Exp $

--- ./g10/parse-packet.c.orig	2005-07-27 08:18:03.000000000 -0600
+++ ./g10/parse-packet.c
@@ -1995,6 +1995,19 @@ parse_attribute( iobuf_t inp, int pkttyp
     byte *p;
 
 #define EXTRA_UID_NAME_SPACE 71
+    /* Cap the size of a user ID at 2k: a value absurdly large enough
+       that there is no sane user ID string (which is printable text
+       as of RFC2440bis) that won't fit in it, but yet small enough to
+       avoid allocation problems.  A large pktlen may not be
+       allocatable, and a very large pktlen could actually cause our
+       allocation to wrap around in xmalloc to a small number. */
+      
+    if(pktlen>2048)
+    {
+      log_error("packet(%d) too large\n", pkttype);
+      iobuf_skip_rest(inp, pktlen, 0);
+      return G10ERR_INVALID_PACKET;
+    }
     packet->pkt.user_id = xmalloc (sizeof *packet->pkt.user_id
                                   + EXTRA_UID_NAME_SPACE);
 
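Review bot: The 2048-byte cap and its comment are written for user ID strings, yet the hunk header places them in parse_attribute, ahead of an allocation (`sizeof *packet->pkt.user_id + EXTRA_UID_NAME_SPACE`) whose size does not depend on pktlen, so the wrap-around the comment describes cannot happen at this xmalloc. Attribute packets carry image data, so a 2k limit here would probably reject legitimate photo IDs. Any pktlen-sized allocation in the user-ID parser, which is not visible in this hunk, would stay unguarded, so please confirm the patch applied to the intended function. If parse_attribute does need its own bound, it should be a separate, larger named limit with a comment describing attribute data, and the log line could include the length, e.g. `log_error("packet(%d) too large (%lu)\n", pkttype, pktlen);`, assuming pktlen is unsigned long. The body of parse_attribute continues outside the hunk, so how pktlen is used later cannot be checked from here.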
