[git] GPGME - branch, master, updated. gpgme-1.11.1-98-g6d7b438
by Andre Heinecke
cvs at cvs.gnupg.org
Wed Jul 18 13:08:33 CEST 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".
The branch, master has been updated
via 6d7b4382c3e12ba1dbbd0762dfa850c76750d838 (commit)
via 82e4b900a96c837392259469a9a5821a95e7a707 (commit)
via b78140daf7720132711314a4e5ed878b49da99f4 (commit)
from 16462c54b3503e77bc48c2486234531d7bc31b6d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6d7b4382c3e12ba1dbbd0762dfa850c76750d838
Author: Andre Heinecke <aheinecke at intevation.de>
Date: Wed Jul 18 13:06:08 2018 +0200
json: Ensure that native msging request is string
* src/gpgme-json.c (native_messaging_repl): Ensure that the
request is NULL terminated.
--
This avoids potential memory leaks and access to unmapped memory
in case the request was not terminated.
Other request functions use es_read_line which gurantees NULL
termination.
diff --git a/src/gpgme-json.c b/src/gpgme-json.c
index edd3d32..74ca2b6 100644
--- a/src/gpgme-json.c
+++ b/src/gpgme-json.c
@@ -3601,7 +3601,7 @@ native_messaging_repl (void)
}
/* Read request. */
- request = xtrymalloc (nrequest);
+ request = xtrymalloc (nrequest + 1);
if (!request)
{
err = gpg_error_from_syserror ();
@@ -3626,6 +3626,7 @@ native_messaging_repl (void)
}
else /* Process request */
{
+ request[n] = '\0'; /* Esnure that request has an end */
if (opt_debug)
log_debug ("request='%s'\n", request);
xfree (response);
commit 82e4b900a96c837392259469a9a5821a95e7a707
Author: Andre Heinecke <aheinecke at intevation.de>
Date: Wed Jul 18 13:02:32 2018 +0200
json: Fix crash by ensuring response is never NULL
* src/gpgme-json.c (encode_and_chunk): Try to always
return at least an error.
(process_request): Double check that it does not return NULL.
--
If process_request returns NULL the following strlen on it
would crash.
diff --git a/src/gpgme-json.c b/src/gpgme-json.c
index 87b40a2..edd3d32 100644
--- a/src/gpgme-json.c
+++ b/src/gpgme-json.c
@@ -1473,13 +1473,28 @@ encode_and_chunk (cjson_t request, cjson_t response)
data = cJSON_PrintUnformatted (response);
if (!data)
- goto leave;
+ {
+ err = GPG_ERR_NO_DATA;
+ goto leave;
+ }
+
+ if (!request)
+ {
+ err = GPG_ERR_INV_VALUE;
+ goto leave;
+ }
if ((err = get_chunksize (request, &chunksize)))
- goto leave;
+ {
+ err = GPG_ERR_INV_VALUE;
+ goto leave;
+ }
if (!chunksize)
- goto leave;
+ {
+ err = GPG_ERR_INV_VALUE;
+ goto leave;
+ }
pending_data.buffer = data;
/* Data should already be encoded so that it does not
@@ -1500,14 +1515,22 @@ encode_and_chunk (cjson_t request, cjson_t response)
leave:
xfree (getmore_request);
+ if (!err && !data)
+ {
+ err = GPG_ERR_GENERAL;
+ }
+
if (err)
{
cjson_t err_obj = gpg_error_object (NULL, err,
"Encode and chunk failed: %s",
gpgme_strerror (err));
+ xfree (data);
if (opt_interactive)
- return cJSON_Print (err_obj);
- return cJSON_PrintUnformatted (err_obj);
+ data = cJSON_Print (err_obj);
+ data = cJSON_PrintUnformatted (err_obj);
+
+ cJSON_Delete (err_obj);
}
return data;
@@ -3187,13 +3210,26 @@ process_request (const char *request)
else
res = cJSON_PrintUnformatted (response);
}
- else if (json)
+ else
res = encode_and_chunk (json, response);
if (!res)
- log_error ("Printing JSON data failed\n");
+ {
+ log_error ("Printing JSON data failed\n");
+ cjson_t err_obj = error_object (NULL, "Printing JSON data failed");
+ if (opt_interactive)
+ res = cJSON_Print (err_obj);
+ res = cJSON_PrintUnformatted (err_obj);
+ cJSON_Delete (err_obj);
+ }
cJSON_Delete (json);
cJSON_Delete (response);
+
+ if (!res)
+ {
+ /* Can't happen unless we created a broken error_object above */
+ return strdup ("Bug: Fatal error in process request\n");
+ }
return res;
}
commit b78140daf7720132711314a4e5ed878b49da99f4
Author: Andre Heinecke <aheinecke at intevation.de>
Date: Wed Jul 18 12:57:51 2018 +0200
json: Fix memory errors in create_keylist_patterns
* src/gpgme-json.c (create_keylist_patterns): Reserve two
pointers more then linefeeds.
(create_keylist_patterns): Fix loop to count linebreaks.
(create_keylist_patterns): Use calloc for good measure.
--
This fixes crashes and memory corruption as cnt did not
match i.
diff --git a/src/gpgme-json.c b/src/gpgme-json.c
index 06f09ef..87b40a2 100644
--- a/src/gpgme-json.c
+++ b/src/gpgme-json.c
@@ -691,17 +691,17 @@ create_keylist_patterns (cjson_t request, const char *name)
char *p;
char *tmp;
char **ret;
- int cnt = 1;
+ int cnt = 2; /* Last NULL and one is not newline delimited */
int i = 0;
if (get_keys (request, name, &keystring))
return NULL;
- for (p = keystring; p; p++)
+ for (p = keystring; *p; p++)
if (*p == '\n')
cnt++;
- ret = xmalloc (cnt * sizeof *ret);
+ ret = xcalloc (1, cnt * sizeof *ret);
for (p = keystring, tmp = keystring; *p; p++)
{
@@ -712,8 +712,7 @@ create_keylist_patterns (cjson_t request, const char *name)
tmp = p + 1;
}
/* The last key is not newline delimted. */
- ret[i++] = *tmp ? xstrdup (tmp) : NULL;
- ret[i] = NULL;
+ ret[i] = *tmp ? xstrdup (tmp) : NULL;
xfree (keystring);
return ret;
-----------------------------------------------------------------------
Summary of changes:
src/gpgme-json.c | 62 ++++++++++++++++++++++++++++++++++++++++++++------------
1 file changed, 49 insertions(+), 13 deletions(-)
hooks/post-receive
--
GnuPG Made Easy
http://git.gnupg.org
More information about the Gnupg-commits
mailing list