[PATCH gpg] gpg: Avoid assumption on fingerprint size.

Werner Koch wk at gnupg.org
Tue Feb 20 19:43:25 CET 2018

On Tue, 20 Feb 2018 16:43, dgouttegattat at incenp.org said:

> +  size_t fpr_len;
> +
> +  fpr_len = strlen (fpr);

That does not work because FPR is binary.  Thus the fingerprint may
contains '\x0'.  I already looked into this and it might be worth to
revamp the entire user id caching instead of just fixing the fingerprint
thing.  In theory the fingerprint should be filled up with zeros to
MAX_FINGERPRINT_LEN but that is somewhere missing.



#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180220/19d2bb88/attachment.sig>

More information about the Gnupg-devel mailing list