[git] Assuan - branch, master, updated. libassuan-2.1.2-6-g0fce017

by Werner Koch cvs at cvs.gnupg.org
Fri Nov 28 21:30:36 CET 2014 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPC library used by GnuPG".

The branch, master has been updated
       via  0fce017100c5896cf9dc1fcbd4a39053651c3910 (commit)
      from  1f99031cb55e88840d98dd71381b2bc2618406fc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0fce017100c5896cf9dc1fcbd4a39053651c3910
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Nov 28 21:30:52 2014 +0100

    Do not allow LFs in the redirected name.
    
    * src/assuan-socket.c (eval_redirection): Stop parsing at the first
    LF.
    --
    
    Avoiding LFs in file names is better for logging.

diff --git a/src/assuan-socket.c b/src/assuan-socket.c
index c8af51b..c392e93 100644
--- a/src/assuan-socket.c
+++ b/src/assuan-socket.c
@@ -287,8 +287,13 @@ eval_redirection (const char *fname, int *r_redirect)
       return NULL;
     }
   buffer[n] = 0;
+
+  /* Check that it is a redirection file.  We also check that the
+     first byte of the name is not a LF because that would lead to an
+     zero length name. */
   if (n < 17 || buffer[n-1] != '\n'
-      || memcmp (buffer, "%Assuan%\nsocket=", 16))
+      || memcmp (buffer, "%Assuan%\nsocket=", 16)
+      || buffer[16] == '\n')
     {
       gpg_err_set_errno (EINVAL);
       return NULL;
@@ -333,6 +338,8 @@ eval_redirection (const char *fname, int *r_redirect)
             }
           p = pend;
         }
+      else if (*p == '\n')
+        break; /* Be nice and stop at the first LF.  */
       else if (n < sizeof addr->sun_path - 1)
         addr->sun_path[n++] = *p;
       else

-----------------------------------------------------------------------

Summary of changes:
 src/assuan-socket.c |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
IPC library used by GnuPG
http://git.gnupg.org

More information about the Gnupg-commits mailing list