automated cppcheck for gnupg

Werner Koch wk at
Wed Apr 16 14:04:30 CEST 2014

On Wed, 16 Apr 2014 12:41, ekleog at said:

>>    ctx = malloc (sizeof *ctx);
>>    if (!ctx)
>>       {
>>          trace_error (ctx->err_source);
>>          return NULL;
>>       }

> Here, the argument to gpg_strsource (assuming the point of the mistake is the
> one of the latest git commit on libassuan) would be attacker-controlled, as a
> consequence the one to gpg_err_source. Doing no check, it means the

No, the argument is not attacker controlled.  



Thoughts are free.  Exceptions are regulated by a federal law.
