Minor fixes for GnuPG 1.2.3

David Shaw dshaw at jabberwocky.com
Fri Dec 5 10:44:15 CET 2003


On Fri, Dec 05, 2003 at 08:33:52AM +0100, Christian Biere wrote:

>  		iobuf_put( a, '+' );
>  	    else {
>  		char numbuf[5];
> -		sprintf(numbuf, "%%%02X", *p );
> +		sprintf(numbuf, "%%%02X", (unsigned char)*p );

"*p" is a "byte *".  byte is already an unsigned char, no?  There are
a lot of places throughout the code here and in 'gpg' itself where it
is required to be unsigned...

>  	    if(strcmp(line,"-----BEGIN PGP PUBLIC KEY BLOCK-----\n")==0)
>  	      {
> -		fprintf(output,line);
> +		fprintf(output,"%s",line);
>  		gotit=1;
>  	      }

This isn't a bug.  You can't get to the bad printf unless line is
confirmed safe.

>  	/* Nail that last space */
> -	searchkey[strlen(searchkey)-1]='\0';
> +	if (*searchkey)
> +	  searchkey[strlen(searchkey)-1]='\0';

This is safe as well.  You can't get to here unless there is a key to
search for, so searchkey will never be zero length.  Good catch,
though.  I'm going to change it anyway.

David



More information about the Gnupg-devel mailing list