[git] GPGME - branch, master, updated. gpgme-1.12.0-20-gfbac11b

by Werner Koch cvs at cvs.gnupg.org
Thu Oct 18 17:41:03 CEST 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  fbac11b19d97730494dc9dad3b7f71453ef15581 (commit)
      from  174af15725d4989a840ff3098996cc8a0568f724 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fbac11b19d97730494dc9dad3b7f71453ef15581
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Oct 18 17:36:30 2018 +0200

    core: Fix segv in genkey when no endtag is provided.
    
    * src/genkey.c (get_key_parameter): Provide a fallback ENDTAG.
    --
    
    It would actually be more correct to return an error in this case but
    it is possible tha there are users who did not provide an endtag and
    out of luck they also didn't trigger a segv.
    
    GnuPG-bug-id: 4192
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/src/genkey.c b/src/genkey.c
index 0108aab..e00d047 100644
--- a/src/genkey.c
+++ b/src/genkey.c
@@ -223,9 +223,13 @@ get_key_parameter (const char *parms, gpgme_data_t *key_parameter)
     return gpg_error (GPG_ERR_INV_VALUE);
 
   endtag = strstr (content, "</GnupgKeyParms>");
+  if (!endtag)
+    endtag = content + strlen (content);
+
   /* FIXME: Check that there are no control statements inside.  */
-  while (content[0] == '\n'
-	 || (content[0] == '\r' && content[1] == '\n'))
+  while (content < endtag
+         && (content[0] == '\n'
+             || (content[0] == '\r' && content[1] == '\n')))
     content++;
 
   return gpgme_data_new_from_mem (key_parameter, content,

-----------------------------------------------------------------------

Summary of changes:
 src/genkey.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org

More information about the Gnupg-commits mailing list