[git] GnuPG - branch, master, updated. gnupg-2.2.7-144-g13f135c

by Werner Koch cvs at cvs.gnupg.org
Fri Jun 8 10:54:31 CEST 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  13f135c7a252cc46cff96e75968d92b6dc8dce1b (commit)
      from  26746fe65d14a00773473c2d0d271406a5105bca (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 13f135c7a252cc46cff96e75968d92b6dc8dce1b
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Jun 8 10:45:21 2018 +0200

    gpg: Sanitize diagnostic with the original file name.
    
    * g10/mainproc.c (proc_plaintext): Sanitize verbose output.
    --
    
    This fixes a forgotten sanitation of user supplied data in a verbose
    mode diagnostic.  The mentioned CVE is about using this to inject
    status-fd lines into the stderr output.  Other harm could as well be
    done.  Note that GPGME based applications are not affected because
    GPGME does not fold status output into stderr.
    
    CVE-id: CVE-2018-12020
    GnuPG-bug-id: 4012

diff --git a/g10/mainproc.c b/g10/mainproc.c
index d2ceec2..a9da08f 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -851,7 +851,14 @@ proc_plaintext( CTX c, PACKET *pkt )
   if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8))
     log_info (_("Note: sender requested \"for-your-eyes-only\"\n"));
   else if (opt.verbose)
-    log_info (_("original file name='%.*s'\n"), pt->namelen, pt->name);
+    {
+      /* We don't use print_utf8_buffer because that would require a
+       * string change which we don't want in 2.2.  It is also not
+       * clear whether the filename is always utf-8 encoded.  */
+      char *tmp = make_printable_string (pt->name, pt->namelen, 0);
+      log_info (_("original file name='%.*s'\n"), (int)strlen (tmp), tmp);
+      xfree (tmp);
+    }
 
   free_md_filter_context (&c->mfx);
   if (gcry_md_open (&c->mfx.md, 0, 0))
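
Review bot: The new call make_printable_string (pt->name, pt->namelen, 0) passes 0 as its last argument while the diagnostic still wraps the name in single quotes ('%.*s'), so a quote character inside the file name would be printed unescaped and the end of the quoted field becomes ambiguous in the log line. If that argument is the delimiter to escape, passing '\'' there would keep the field unambiguous. A smaller point on the log_info line: the (int)strlen (tmp) precision is redundant for a NUL-terminated tmp and is kept only so the format string stays identical; the comment explains why print_utf8_buffer is avoided but could say this explicitly too, so nobody later "simplifies" the call and changes the translatable string by accident.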

-----------------------------------------------------------------------

Summary of changes:
 g10/mainproc.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



