[git] GnuPG - branch, master, updated. gnupg-2.1.0-42-g596ae9f
by Werner Koch
cvs at cvs.gnupg.org
Mon Nov 24 18:07:25 CET 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8 (commit)
via 0988764397f99db4efef1eabcdb8072d6159af76 (commit)
from b716e6a69919b89c7887d6c7c9b97e58d18fdf95 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 24 18:05:45 2014 +0100
gpg: Fix use of uninit.value in listing sig subpkts.
* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
sanitized.
--
We may not use "%s" to print an arbitrary buffer. At least "%.*s"
should have been used. However, it is in general preferable to escape
control characters while printf user data.
Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index f75e21c..58cb1c4 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1151,7 +1151,11 @@ dump_sig_subpkt (int hashed, int type, int critical,
if (!length)
p = "[invalid regexp subpacket]";
else
- es_fprintf (listfp, "regular expression: \"%s\"", buffer);
+ {
+ es_fprintf (listfp, "regular expression: \"");
+ es_write_sanitized (listfp, buffer, length, "\"", NULL);
+ p = "\"";
+ }
break;
case SIGSUBPKT_REVOCABLE:
if (length)
commit 0988764397f99db4efef1eabcdb8072d6159af76
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 24 17:28:25 2014 +0100
gpg: Fix off-by-one read in the attribute subpacket parser.
* g10/parse-packet.c (parse_attribute_subpkts): Check that the
attribute packet is large enough for the subpacket type.
--
Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index e0370aa..f75e21c 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -2359,8 +2359,16 @@ parse_attribute_subpkts (PKT_user_id * uid)
if (buflen < n)
goto too_short;
- attribs =
- xrealloc (attribs, (count + 1) * sizeof (struct user_attribute));
+ if (!n)
+ {
+ /* Too short to encode the subpacket type. */
+ if (opt.verbose)
+ log_info ("attribute subpacket too short\n");
+ break;
+ }
+
+ attribs = xrealloc (attribs,
+ (count + 1) * sizeof (struct user_attribute));
memset (&attribs[count], 0, sizeof (struct user_attribute));
type = *buffer;
-----------------------------------------------------------------------
Summary of changes:
g10/parse-packet.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list