[git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.18-18-g2d35968
by Werner Koch
cvs at cvs.gnupg.org
Mon Nov 24 19:41:37 CET 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via 2d359681f08999686734421228cb69893d8a0060 (commit)
via 2b4809406b6536cbb67a2282bf855710b8454dc2 (commit)
via 69767ccf4218d0dc5ef2d7e141be0f14c88fea59 (commit)
from fbb50867f81d790c4bf819dcadcd14be6c3f957b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2d359681f08999686734421228cb69893d8a0060
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 24 19:41:46 2014 +0100
gpg: Fix use of uninit.value in listing sig subpkts.
* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
sanitized.
--
We may not use "%s" to print an arbitrary buffer. At least "%.*s"
should have been used. However, it is in general preferable to escape
control characters while printf user data.
Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk at gnupg.org>
(backported from commit 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8)
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index db1702f..01600e4 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -892,13 +892,18 @@ dump_sig_subpkt( int hashed, int type, int critical,
if(length!=2)
p="[invalid trust subpacket]";
else
- fprintf (listfp, "trust signature of depth %d, value %d",buffer[0],buffer[1]);
+ fprintf (listfp, "trust signature of depth %d, value %d",
+ buffer[0],buffer[1]);
break;
case SIGSUBPKT_REGEXP:
if(!length)
p="[invalid regexp subpacket]";
else
- fprintf (listfp, "regular expression: \"%s\"",buffer);
+ {
+ fprintf (listfp, "regular expression: \"");
+ print_string (listfp, buffer, length, '\"');
+ p = "\"";
+ }
break;
case SIGSUBPKT_REVOCABLE:
if( length )
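Review bot: In the SIGSUBPKT_REGEXP branch the closing quote is emitted by assigning `p = "\""`, which only works if the code after this switch prints `p`; that code is outside the hunk, so a one-line comment at the assignment would make the dependency explicit. Separately, the rewrap of the trust signature fprintf is a whitespace-only change and would be easier to review as its own commit, apart from the fix that bounds the regexp output by `length`.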
commit 2b4809406b6536cbb67a2282bf855710b8454dc2
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 24 19:38:04 2014 +0100
gpg: Fix off-by-one read in the attribute subpacket parser.
* g10/parse-packet.c (parse_attribute_subpkts): Check that the
attribute packet is large enough for the subpacket type.
--
Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk at gnupg.org>
(backported from commit 0988764397f99db4efef1eabcdb8072d6159af76)
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index dcda8ef..db1702f 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -2026,6 +2026,14 @@ parse_attribute_subpkts(PKT_user_id *uid)
if( buflen < n )
goto too_short;
+ if (!n)
+ {
+ /* Too short to encode the subpacket type. */
+ if (opt.verbose)
+ log_info ("attribute subpacket too short\n");
+ break;
+ }
+
attribs=xrealloc(attribs,(count+1)*sizeof(struct user_attribute));
memset(&attribs[count],0,sizeof(struct user_attribute));
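Review bot: The new `if (!n)` check leaves the loop with `break`, while the `buflen < n` check directly above it uses `goto too_short`, so two malformed-length cases in the same loop take different exits. If the difference is intended, the comment should say why; otherwise route the zero-length case to too_short as well. The log_info call is also gated on opt.verbose, so by default a subpacket too short to carry its type is dropped without any message.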
commit 69767ccf4218d0dc5ef2d7e141be0f14c88fea59
Author: Werner Koch <wk at gnupg.org>
Date: Mon Nov 24 19:32:47 2014 +0100
gpg: Fix a NULL-deref for invalid input data.
* g10/mainproc.c (proc_encrypted): Take care of canceled passphrase
entry.
--
GnuPG-bug-id: 1761
Signed-off-by: Werner Koch <wk at gnupg.org>
(backported from commit 32e85668b82f6fbcb824eea9548970804fb41d9e)
diff --git a/g10/mainproc.c b/g10/mainproc.c
index d355a21..15baefe 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -540,7 +540,9 @@ proc_encrypted( CTX c, PACKET *pkt )
result = -1;
else if( !c->dek && !c->last_was_session_key ) {
int algo;
- STRING2KEY s2kbuf, *s2k = NULL;
+ STRING2KEY s2kbuf;
+ STRING2KEY *s2k = NULL;
+ int canceled;
if(opt.override_session_key)
{
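Review bot: `int canceled;` is declared without an initializer, and the next hunk reads it in `else if (canceled)` whenever passphrase_to_dek returns NULL. That is only safe if passphrase_to_dek stores to the pointer on every return path, which is not visible in this patch; declaring `int canceled = 0;` would remove the dependency.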
@@ -580,9 +582,13 @@ proc_encrypted( CTX c, PACKET *pkt )
log_info (_("assuming %s encrypted data\n"), "IDEA");
}
- c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 0, NULL, NULL );
+ c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 0, NULL,&canceled);
if (c->dek)
c->dek->algo_info_printed = 1;
+ else if (canceled)
+ result = G10ERR_CANCELED;
+ else
+ result = G10ERR_PASSPHRASE;
}
}
else if( !c->dek )
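Review bot: The added `else if (canceled)` and `else` branches set `result`, but nothing in the hunk shows where a NULL `c->dek` was being dereferenced, which is what the commit subject says is fixed. A short comment on these branches stating that `result` must be non-zero here so later code does not use `c->dek` would make the fix self-explanatory. Style nit: `NULL,&canceled` drops the space after the comma that the other arguments in the call have.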
-----------------------------------------------------------------------
Summary of changes:
g10/mainproc.c | 10 ++++++++--
g10/parse-packet.c | 17 +++++++++++++++--
2 files changed, 23 insertions(+), 4 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org