[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-108-ge606d5f

by Werner Koch cvs at cvs.gnupg.org
Thu Aug 21 14:15:58 CEST 2014 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  e606d5f1bada1f2d21faeedd3fa2cf2dca7b274c (commit)
      from  f850add813d783f31ca6a60459dea25ef71bce7e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e606d5f1bada1f2d21faeedd3fa2cf2dca7b274c
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Aug 21 14:12:55 2014 +0200

    sexp: Check args of gcry_sexp_build.
    
    * src/sexp.c (do_vsexp_sscan): Return error for invalid args.
    --
    
    This helps to avoid usage errors by passing NULL for the return
    variable and the format string.

diff --git a/src/sexp.c b/src/sexp.c
index 0e4af52..9bc13ca 100644
--- a/src/sexp.c
+++ b/src/sexp.c
@@ -1119,6 +1119,13 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
   int arg_counter = 0;
   int level = 0;
 
+  if (!retsexp)
+    return GPG_ERR_INV_ARG;
+  *retsexp = NULL;
+
+  if (!buffer)
+    return GPG_ERR_INV_ARG;
+
   if (!erroff)
     erroff = &dummy_erroff;
 
@@ -1160,7 +1167,7 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
      the provided one.  However, we add space for one extra datalen so
      that the code which does the ST_CLOSE can use MAKE_SPACE */
   c.allocated = length + sizeof(DATALEN);
-  if (buffer && length && _gcry_is_secure (buffer))
+  if (length && _gcry_is_secure (buffer))
     c.sexp = xtrymalloc_secure (sizeof *c.sexp + c.allocated - 1);
   else
     c.sexp = xtrymalloc (sizeof *c.sexp + c.allocated - 1);
@@ -1682,8 +1689,6 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
             wipememory (c.sexp, sizeof (struct gcry_sexp) + c.allocated - 1);
           xfree (c.sexp);
         }
-      /* This might be expected by existing code...  */
-      *retsexp = NULL;
     }
   else
     *retsexp = normalize (c.sexp);

-----------------------------------------------------------------------

Summary of changes:
 src/sexp.c |   11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org

More information about the Gnupg-commits mailing list