[git] GPGME - branch, master, updated. gpgme-1.9.0-83-g651b3d8

by Andre Heinecke cvs at cvs.gnupg.org
Fri Dec 1 09:52:22 CET 2017 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  651b3d8207cc7d85699f89fc4c21cb1243453aa8 (commit)
      from  f43016500774ab82f222249202bda6c463aaf63f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 651b3d8207cc7d85699f89fc4c21cb1243453aa8
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Fri Dec 1 09:44:47 2017 +0100

    Fix uid parsing for ldap keyserver
    
    * src/engine-gpg.c (gpg_keylist_preprocess): Check field count
    for uid and add fallback.
    
    --
    This fixes accessing unintialized memory and resulting
    crashes in gpgrt_asprintf.
    
    GnuPG-Bug-Id: T3550

diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 5ce04f0..bfe7d13 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -2594,6 +2594,9 @@ gpg_keylist_preprocess (char *line, char **r_line)
 	 as defined in 5.2. Machine Readable Indexes of the OpenPGP
 	 HTTP Keyserver Protocol (draft).
 
+         For an ldap keyserver the format is:
+         uid:<escaped uid string>
+
 	 We want:
 	 uid:o<flags>::::<creatdate>:<expdate>:::<c-coded uid>:
       */
@@ -2635,9 +2638,17 @@ gpg_keylist_preprocess (char *line, char **r_line)
 	  }
 	*dst = '\0';
 
-	if (gpgrt_asprintf (r_line, "uid:o%s::::%s:%s:::%s:",
-		      field[4], field[2], field[3], uid) < 0)
-	  return gpg_error_from_syserror ();
+        if (fields < 4)
+          {
+            if (gpgrt_asprintf (r_line, "uid:o::::::::%s:", uid) < 0)
+              return gpg_error_from_syserror ();
+          }
+        else
+          {
+            if (gpgrt_asprintf (r_line, "uid:o%s::::%s:%s:::%s:",
+                                field[4], field[2], field[3], uid) < 0)
+              return gpg_error_from_syserror ();
+          }
       }
       return 0;
 

-----------------------------------------------------------------------

Summary of changes:
 src/engine-gpg.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org

More information about the Gnupg-commits mailing list