[Announce] GnuPG 1.4 and 2.0 buffer overflow

[Christian Biere]

"How I wish C-90 had introduced asprintf or at least it would be available on more platforms."

Who needs printf-like functions to concatenate a bunch of strings? It's trivial to write a function
similar to asprintf() that takes no format string but simply a variable number of string arguments
to be concatened into a newly allocated buffer. The issue here was clearly the precalculation of
the assumed string length which is simply unnecessary.

Also, asprintf() returns an int instead of size_t. Yet another library function broken by design.

-- 
Christian