automated cppcheck for gnupg
Werner Koch
wk at gnupg.org
Wed Apr 16 14:04:30 CEST 2014
On Wed, 16 Apr 2014 12:41, ekleog at gmail.com said:
>> ctx = malloc (sizeof *ctx);
>> if (!ctx)
>> {
>> trace_error (ctx->err_source)
>> return NULL;
>> }
> Here, the argument to gpg_strsource (assuming the point of the mistake is the
> one of the latest git commit on libassuan) would be attacker-controlled, as a
> consequence the one to gpg_err_source. Doing no check, it means the
No, the argument is not attacker controlled.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel
mailing list