Package: gnupg2 / 2.0.26-6+deb8u2

0020-gpg-Fix-use-of-uninit.value-in-listing-sig-subpkts.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
From 1f9dfe1fedad215140011257d9b1bb21bc368179 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 24 Nov 2014 19:24:47 +0100
Subject: [PATCH 20/31] gpg: Fix use of uninit.value in listing sig subpkts.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
sanitized.
--

We may not use "%s" to print an arbitrary buffer.  At least "%.*s"
should have been used.  However, it is in general preferable to escape
control characters while printf user data.

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8)
---
 g10/parse-packet.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 99ff7b7..63b97f0 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -972,7 +972,11 @@ dump_sig_subpkt( int hashed, int type, int critical,
 	if(!length)
 	  p="[invalid regexp subpacket]";
 	else
-	  fprintf (listfp, "regular expression: \"%s\"",buffer);
+          {
+            fprintf (listfp, "regular expression: \"");
+            print_string (listfp, buffer, length, '\"');
+            p = "\"";
+          }
 	break;
       case SIGSUBPKT_REVOCABLE:
 	if( length )
-- 
2.1.4