[Pkg-gnupg-maint] Bug#773473: [PATCH] * sm/gpgsm.c: (parse_keyserver_line) return false on 'fail'.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Dec 20 17:03:48 CET 2014


Hi Joshua--

On 12/20/2014 03:45 AM, Joshua Rogers wrote:
> --
> 
> If something in the keyserver_line failed, parse_keyserver_line would free 'server', but then return it afterwards, leading to a use-after-free.
> 
> sm/gpgsm.c, in the function main() correctly checks whether the return of parse_keyserver_line is false.
> ---
>  sm/gpgsm.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/sm/gpgsm.c b/sm/gpgsm.c
> index 3398d17..75c0b4d 100644
> --- a/sm/gpgsm.c
> +++ b/sm/gpgsm.c
> @@ -862,6 +862,7 @@ parse_keyserver_line (char *line,
>      {
>        log_info (_("%s:%u: skipping this line\n"), filename, lineno);
>        keyserver_list_free (server);
> +      return 0;
>      }
>  
>    return server;
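
Review bot: The added `return 0;` after `keyserver_list_free (server);` puts an integer literal and a second exit into a function whose remaining exit is `return server;`, a pointer. Writing `return NULL;`, or setting `server = NULL;` at that spot and letting the existing `return server;` run, makes it explicit that the freed list is never handed back and keeps a single exit point. The call site in main() that the commit message relies on is not part of this hunk, so any other caller of parse_keyserver_line should be checked for the same NULL test before this is merged.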

Since the return value of parse_keyserver_line is a
struct keyserver_spec *, it's probably cleaner to represent it as NULL,
instead of 0.

This is functionally no different, of course, but it makes it clearer
what's going on.

(alternately, you could just set

 server = NULL;

and let the final line of the function return it)

	--dkg
