[git] Pinentry - branch, master, updated. pinentry-0.9.7-51-g15a6fd9
by Daniel Kahn Gillmor
cvs at cvs.gnupg.org
Mon Nov 7 01:27:17 CET 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".
The branch, master has been updated
via 15a6fd9f1ee0e3bc62daf143546f5186ce947700 (commit)
via e4e3a9cc88704dcffac660d0b92fd1ed8abecc11 (commit)
from e353f4d1ac31e58f46eeba29279adf809dfb96a9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 15a6fd9f1ee0e3bc62daf143546f5186ce947700
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Sat Nov 5 17:53:47 2016 -0400
gnome3: Avoid risk of uninitialized memory access.
* gnome3/pinentry-gnome3.c (_propagate_g_error_to_pinentry): Ensure
that pinentry->specific_err_info is null-terminated.
--
It's possible that "%d: %s" ends up producing more than 20 additional
characters. A 64-bit signed int at its minimum is
"-9223372036854775808", which is 20 characters. On any platform where
gint is 128-bit (i don't know whether they exist), it could be
significantly more.
snprintf doesn't write the final NUL byte if the string exceeds the
buffer, so anyone reading specific_err_info as a NUL-terminated string
in such a case would go on to read uninitialized memory after the
buffer. So we should force there to always be a NUL char after the
written buffer. It would be simpler to use asprintf, but i suspect
that's not portable enough for use in pinentry.
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/gnome3/pinentry-gnome3.c b/gnome3/pinentry-gnome3.c
index e06885e..f9c9262 100644
--- a/gnome3/pinentry-gnome3.c
+++ b/gnome3/pinentry-gnome3.c
@@ -93,13 +93,26 @@ static void
_propagate_g_error_to_pinentry (pinentry_t pe, GError *error,
gpg_err_code_t code, const char *loc)
{
- size_t infolen = strlen(error->message) + 20;
+ char *t;
+
+ /* We can't return the result of g_strdup_printf directly, because
+ * this needs to be g_free'd, but the users of PE (e.g.,
+ * pinentry_reset in pinentry/pinentry.c) use free. */
+ t = g_strdup_printf ("%d: %s", error->code, error->message);
+ if (t)
+ {
+ /* If strdup fails, then PE->SPECIFIC_ERR_INFO will be NULL,
+ * which is exactly what we want if strdup fails. So, there is
+ * no need to check for failure. */
+ pe->specific_err_info = strdup (t);
+ g_free (t);
+ }
+ else
+ {
+ pe->specific_err_info = NULL;
+ }
pe->specific_err = gpg_error (code);
- pe->specific_err_info = malloc (infolen);
- if (pe->specific_err_info)
- snprintf (pe->specific_err_info, infolen,
- "%d: %s", error->code, error->message);
pe->specific_err_loc = loc;
}
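Review bot: the log entry says the fix is to ensure pe->specific_err_info is NUL-terminated, but in _propagate_g_error_to_pinentry the malloc/snprintf pair is removed outright and replaced by g_strdup_printf followed by strdup, so the message and the code describe different changes; the log entry should be updated to match what the hunk does. On the path where t is non-NULL but strdup (t) fails, pe->specific_err is still set while pe->specific_err_info is NULL; the comment should say that readers of specific_err_info must accept NULL, as they already had to when the old malloc failed. The if/else can be shortened by assigning pe->specific_err_info = NULL before the g_strdup_printf call and dropping the else branch.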
commit e4e3a9cc88704dcffac660d0b92fd1ed8abecc11
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Sat Nov 5 23:26:35 2016 -0400
tty: Declare dummy curses_cmd_handler.
* tty/pinentry-tty.c: Declare a dummy handler for the
curses_cmd_handler for fallback.
--
This is needed for building pinentry-tty, which links to a copy of the
pinentry object which doesn't have curses (it makes no sense to
fall back from tty to curses). But the new cmd_info in
pinentry/pinentry.c needs some sort of value to test against when
reporting the flavor.
You can replicate this linker error from git with:
./autogen.sh
./configure --enable-maintainer-mode \
--enable-{fallback-curses,pinentry-tty} \
--disable-{inside-emacs,libsecret} && make
Which produces:
gcc -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wformat -Wno-format-y2k -Wformat-security -W -Wno-sign-compare -Wno-missing-field-initializers -Wdeclaration-after-statement -Wno-pointer-sign -Wpointer-arith -o pinentry-tty pinentry-tty.o ../pinentry/libpinentry.a ../secmem/libsecmem.a -lassuan -L/usr/lib/x86_64-linux-gnu -lgpg-error -L/usr/lib/x86_64-linux-gnu -lgpg-error -lcap
../pinentry/libpinentry.a(pinentry.o): In function `cmd_getinfo':
«BUILDDIR»/pinentry/pinentry.c:1457: undefined reference to `curses_cmd_handler'
collect2: error: ld returned 1 exit status
Makefile:410: recipe for target 'pinentry-tty' failed
make[2]: *** [pinentry-tty] Error 1
make[2]: Leaving directory '«BUILDDIR»/tty'
One could argue that developers who --enable-tty then must also
--disable-fallback-curses, but that would just mean that it's
impossible to build one of the graphical pinentries at the same time
(with curses fallback) as you are actually building pinentry-tty.
Arguably, though, the ./configure script should figure out the right
thing to do in this case and then build each variant sensibly.
This patch is a hack to ensure that pinentry-tty continues to link
properly even when other pinentries are being built concurrently with
a curses fallback.
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c
index bd82fad..3d6cd5a 100644
--- a/tty/pinentry-tty.c
+++ b/tty/pinentry-tty.c
@@ -556,6 +556,10 @@ tty_cmd_handler(pinentry_t pinentry)
pinentry_cmd_handler_t pinentry_cmd_handler = tty_cmd_handler;
+/* needed to link cleanly; should never be used except for comparison
+ * in pinentry/pinentry.c's cmd_getinfo(): */
+pinentry_cmd_handler_t curses_cmd_handler = NULL;
+
int
main (int argc, char *argv[])
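Review bot: the definition of curses_cmd_handler added after pinentry_cmd_handler is unconditional, so it could clash with the real symbol if pinentry-tty is ever linked together with an object that defines it; consider guarding the definition with the configure conditional for the curses fallback, so it only exists in the build that needs it. The comment should also state that the value is deliberately NULL, so that the comparison in cmd_getinfo() can never match tty_cmd_handler and nothing may call through this pointer.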
-----------------------------------------------------------------------
Summary of changes:
gnome3/pinentry-gnome3.c | 23 ++++++++++++++++++-----
tty/pinentry-tty.c | 4 ++++
2 files changed, 22 insertions(+), 5 deletions(-)
hooks/post-receive
--
The standard pinentry collection
http://git.gnupg.org