[svn] GnuPG - r4712 - branches/STABLE-BRANCH-1-4/g10

svn author dshaw cvs at cvs.gnupg.org
Mon Mar 24 03:28:42 CET 2008 

Author: dshaw
Date: 2008-03-24 03:28:40 +0100 (Mon, 24 Mar 2008)
New Revision: 4712

Modified:
   branches/STABLE-BRANCH-1-4/g10/ChangeLog
   branches/STABLE-BRANCH-1-4/g10/import.c
Log:
* import.c (collapse_uids): Fix bug 894: possible memory corruption
around deduplication of user IDs.


Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/ChangeLog	2008-03-22 17:01:37 UTC (rev 4711)
+++ branches/STABLE-BRANCH-1-4/g10/ChangeLog	2008-03-24 02:28:40 UTC (rev 4712)
@@ -1,3 +1,8 @@
+2008-03-23  David Shaw  <dshaw at jabberwocky.com>
+
+	* import.c (collapse_uids): Fix bug 894: possible memory
+	corruption around deduplication of user IDs.
+
 2008-03-17  David Shaw  <dshaw at jabberwocky.com>
 
 	* parse-packet.c (parse_key): Parse a secret key encrypted with

Modified: branches/STABLE-BRANCH-1-4/g10/import.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/import.c	2008-03-22 17:01:37 UTC (rev 4711)
+++ branches/STABLE-BRANCH-1-4/g10/import.c	2008-03-24 02:28:40 UTC (rev 4712)
@@ -1654,11 +1654,17 @@
     {
       KBNODE uid2;
 
+      if(is_deleted_kbnode(uid1))
+	continue;
+
       if(uid1->pkt->pkttype!=PKT_USER_ID)
 	continue;
 
       for(uid2=uid1->next;uid2;uid2=uid2->next)
 	{
+	  if(is_deleted_kbnode(uid2))
+	    continue;
+
 	  if(uid2->pkt->pkttype!=PKT_USER_ID)
 	    continue;
 
@@ -1674,6 +1680,9 @@
 		 uid1 */
 	      for(last=uid2;last->next;last=last->next)
 		{
+		  if(is_deleted_kbnode(last))
+		    continue;
+
 		  if(last->next->pkt->pkttype==PKT_USER_ID
 		     || last->next->pkt->pkttype==PKT_PUBLIC_SUBKEY
 		     || last->next->pkt->pkttype==PKT_SECRET_SUBKEY)
@@ -1686,13 +1695,16 @@
 	      /* Now put uid2 in place as part of uid1 */
 	      last->next=uid1->next;
 	      uid1->next=uid2;
-	      remove_kbnode(keyblock,uid2);
+	      delete_kbnode(uid2);
 
 	      /* Now dedupe uid1 */
 	      for(sig1=uid1->next;sig1;sig1=sig1->next)
 		{
 		  KBNODE sig2;
 
+		  if(is_deleted_kbnode(sig1))
+		    continue;
+
 		  if(sig1->pkt->pkttype==PKT_USER_ID
 		     || sig1->pkt->pkttype==PKT_PUBLIC_SUBKEY
 		     || sig1->pkt->pkttype==PKT_SECRET_SUBKEY)
@@ -1703,6 +1715,9 @@
 
 		  for(sig2=sig1->next,last=sig1;sig2;last=sig2,sig2=sig2->next)
 		    {
+		      if(is_deleted_kbnode(sig2))
+			continue;
+
 		      if(sig2->pkt->pkttype==PKT_USER_ID
 			 || sig2->pkt->pkttype==PKT_PUBLIC_SUBKEY
 			 || sig2->pkt->pkttype==PKT_SECRET_SUBKEY)
@@ -1716,7 +1731,7 @@
 			{
 			  /* We have a match, so delete the second
 			     signature */
-			  remove_kbnode(&uid1,sig2);
+			  delete_kbnode(sig2);
 			  sig2=last;
 			}
 		    }
@@ -1725,6 +1740,8 @@
 	}
     }
 
+  commit_kbnode(keyblock);
+
   if(any && !opt.quiet)
     {
       const char *key="???";

More information about the Gnupg-commits mailing list