[git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.12-27-ge33e74e
by Werner Koch
cvs at cvs.gnupg.org
Sat Dec 15 11:32:37 CET 2012
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via e33e74e3a4b2b4a0341f933410ddd5db7a12515e (commit)
from eb541e35b80e5864bf7264157091afee3c4a8bfd (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e33e74e3a4b2b4a0341f933410ddd5db7a12515e
Author: Werner Koch <wk at gnupg.org>
Date: Sat Dec 15 11:28:00 2012 +0100
Fix potential heap corruption in "gpg -v --version"
* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
certain locales.
* util/membuf.c (put_membuf_str): New.
(get_membuf): Make LEN optional.
--
This fixes an obvious bug in locales where the translated string is
longer than the original. The bug could be exhibited by using
LANG=ru_RU.utf8 gpg -v --version.
En passant we also removed the trailing white space on continued
lines.
Reported-by: Dmitry V. Levin" <ldv at altlinux.org>
diff --git a/THANKS b/THANKS
index ae64d9f..791516e 100644
--- a/THANKS
+++ b/THANKS
@@ -49,6 +49,7 @@ David R. Bergstein dbergstein at home.com
David Shaw dshaw at jabberwocky.com
Detlef Lannert lannert at lannert.rz.uni-duesseldorf.de
Dimitri dmitri at advantrix.com
+Dmitry V. Levin ldv at altlinux dot org
Dirk Lattermann dlatt at t-online.de
Dirk Meyer dirk.meyer at dinoex.sub.org
Disastry Disastry at saiknes.lv
@@ -90,7 +91,7 @@ Ian McKellar imckellar at harvestroad.com.au
Ingo Klöcker kloecker at kde.org
Ivo Timmermans itimmermans at bigfoot.com
Jan Krueger max at physics.otago.ac.nz
-Jan Niehusmann jan at gondor.com
+Jan Niehusmann jan at gondor.com
Janusz A. Urbanowicz alex at bofh.torun.pl
James Troup james at nocrew.org
Jason Woodward jason dot woodward at timesys dot com
@@ -120,18 +121,18 @@ Karl Fogel kfogel at guanabana.onshore.com
Karsten Thygesen karthy at kom.auc.dk
Katsuhiro Kondou kondou at nec.co.jp
Kazu Yamamoto kazu at iijlab.net
-Kazuyoshi Kakihara
+Kazuyoshi Kakihara
Keith Clayton keith at claytons.org
Kevin Ryde user42 at zip.com.au
Klaus Singvogel ks at caldera.de
Kurt Garloff garloff at suse.de
Lars Kellogg-Stedman lars at bu.edu
L. Sassaman rabbi at quickie.net
-M Taylor mctaylor at privacy.nb.ca
+M Taylor mctaylor at privacy.nb.ca
Marcel Waldvogel mwa at arl.wustl.edu
Marco d'Itri md at linux.it
Marco Parrone marc0 at autistici.org
-Marcus Brinkmann Marcus.Brinkmann at ruhr-uni-bochum.de
+Marcus Brinkmann Marcus.Brinkmann at ruhr-uni-bochum.de
Mark Adler madler at alumni.caltech.edu
Mark Elbrecht snowball3 at bigfoot.com
Mark Pettit pettit at yahoo-inc.com
diff --git a/g10/gpg.c b/g10/gpg.c
index 573bb90..96f9086 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -835,57 +835,53 @@ strusage( int level )
static char *
-build_list( const char *text, char letter,
- const char * (*mapf)(int), int (*chkf)(int) )
+build_list (const char *text, char letter,
+ const char * (*mapf)(int), int (*chkf)(int))
{
- int i;
- const char *s;
- size_t n=strlen(text)+2;
- char *list, *p, *line=NULL;
-
- if( maybe_setuid )
- secmem_init( 0 ); /* drop setuid */
-
- for(i=0; i <= 110; i++ )
- if( !chkf(i) && (s=mapf(i)) )
- n += strlen(s) + 7 + 2;
- list = xmalloc( 21 + n ); *list = 0;
- for(p=NULL, i=0; i <= 110; i++ ) {
- if( !chkf(i) && (s=mapf(i)) ) {
- if( !p ) {
- p = stpcpy( list, text );
- line=p;
- }
- else
- p = stpcpy( p, ", ");
+ membuf_t mb;
+ int indent;
+ int i, j, len;
+ const char *s;
+ char *string;
- if(strlen(line)>60) {
- int spaces=strlen(text);
+ if (maybe_setuid)
+ secmem_init (0); /* Drop setuid */
- list=xrealloc(list,n+spaces+1);
- /* realloc could move the block, so find the end again */
- p=list;
- while(*p)
- p++;
+ indent = strlen (text);
+ len = 0;
+ init_membuf (&mb, 512);
- p=stpcpy(p, "\n");
- line=p;
- for(;spaces;spaces--)
- p=stpcpy(p, " ");
+ for (i=0; i <= 110; i++ )
+ {
+ if (!chkf (i) && (s = mapf (i)))
+ {
+ if (mb.len - len > 60)
+ {
+ put_membuf_str (&mb, ",\n");
+ len = mb.len;
+ for (j=0; j < indent; j++)
+ put_membuf_str (&mb, " ");
}
+ else if (mb.len)
+ put_membuf_str (&mb, ", ");
+ else
+ put_membuf_str (&mb, text);
- p = stpcpy(p, s );
- if(opt.verbose && letter)
- {
- char num[8];
- sprintf(num," (%c%d)",letter,i);
- p = stpcpy(p,num);
- }
+ put_membuf_str (&mb, s);
+ if (opt.verbose && letter)
+ {
+ char num[20];
+ snprintf (num, sizeof num, " (%c%d)", letter, i);
+ put_membuf_str (&mb, num);
+ }
}
}
- if( p )
- p = stpcpy(p, "\n" );
- return list;
+ if (mb.len)
+ put_membuf_str (&mb, "\n");
+ put_membuf (&mb, "", 1);
+
+ string = get_membuf (&mb, NULL);
+ return xrealloc (string, strlen (string)+1);
}
diff --git a/include/util.h b/include/util.h
index 9303a50..3057b25 100644
--- a/include/util.h
+++ b/include/util.h
@@ -219,6 +219,7 @@ typedef struct private_membuf_s membuf_t;
void init_membuf (membuf_t *mb, int initiallen);
void put_membuf (membuf_t *mb, const void *buf, size_t len);
+void put_membuf_str (membuf_t *mb, const char *buf);
void *get_membuf (membuf_t *mb, size_t *len);
diff --git a/util/membuf.c b/util/membuf.c
index db3f5ac..3f7a61d 100644
--- a/util/membuf.c
+++ b/util/membuf.c
@@ -52,7 +52,7 @@ put_membuf (membuf_t *mb, const void *buf, size_t len)
if (mb->len + len >= mb->size)
{
char *p;
-
+
mb->size += len + 1024;
p = xrealloc (mb->buf, mb->size);
mb->buf = p;
@@ -62,6 +62,13 @@ put_membuf (membuf_t *mb, const void *buf, size_t len)
}
+void
+put_membuf_str (membuf_t *mb, const char *buf)
+{
+ put_membuf (mb, buf, strlen (buf));
+}
+
+
void *
get_membuf (membuf_t *mb, size_t *len)
{
@@ -75,7 +82,8 @@ get_membuf (membuf_t *mb, size_t *len)
}
p = mb->buf;
- *len = mb->len;
+ if (len)
+ *len = mb->len;
mb->buf = NULL;
mb->out_of_core = ENOMEM; /* hack to make sure it won't get reused. */
return p;
-----------------------------------------------------------------------
Summary of changes:
THANKS | 9 +++--
g10/gpg.c | 90 ++++++++++++++++++++++++++-----------------------------
include/util.h | 1 +
util/membuf.c | 12 ++++++-
4 files changed, 59 insertions(+), 53 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list