mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-18 14:17:03 +01:00
gpg: Fix uninitialized access to search descindex with gpg keyboxes.
* kbx/keybox-search.c (keybox_search): Add arg R_DESCINDEX. Chnage both callers. * g10/keydb.c (keydb_search): Always set DESCINDEX. -- This only affects the new keybox for OpenPGP keys in 2.1. The bug exhibited itself by running GPA's backup command on Windows.
This commit is contained in:
parent
71fa6a3510
commit
25036ec6ab
@ -1319,6 +1319,9 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
|
||||
{
|
||||
gpg_error_t rc;
|
||||
|
||||
if (descindex)
|
||||
*descindex = 0; /* Make sure it is always set on return. */
|
||||
|
||||
if (!hd)
|
||||
return gpg_error (GPG_ERR_INV_ARG);
|
||||
|
||||
@ -1333,6 +1336,7 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
|
||||
&& keyblock_cache.kid[0] == desc[0].u.kid[0]
|
||||
&& keyblock_cache.kid[1] == desc[0].u.kid[1])
|
||||
{
|
||||
/* (DESCINDEX is already set). */
|
||||
if (DBG_CLOCK)
|
||||
log_clock ("keydb_search leave (cached)");
|
||||
return 0;
|
||||
@ -1352,7 +1356,8 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
|
||||
ndesc, descindex);
|
||||
break;
|
||||
case KEYDB_RESOURCE_TYPE_KEYBOX:
|
||||
rc = keybox_search (hd->active[hd->current].u.kb, desc, ndesc);
|
||||
rc = keybox_search (hd->active[hd->current].u.kb, desc,
|
||||
ndesc, descindex);
|
||||
break;
|
||||
}
|
||||
if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
|
||||
|
@ -720,7 +720,8 @@ keybox_search_reset (KEYBOX_HANDLE hd)
|
||||
/* Note: When in ephemeral mode the search function does visit all
|
||||
blobs but in standard mode, blobs flagged as ephemeral are ignored. */
|
||||
int
|
||||
keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
|
||||
keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
|
||||
size_t *r_descindex)
|
||||
{
|
||||
int rc;
|
||||
size_t n;
|
||||
@ -945,6 +946,10 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
|
||||
}
|
||||
continue;
|
||||
found:
|
||||
/* Record which DESC we matched on. Note this value is only
|
||||
meaningful if this function returns with no errors. */
|
||||
if(r_descindex)
|
||||
*r_descindex = n;
|
||||
for (n=any_skip?0:ndesc; n < ndesc; n++)
|
||||
{
|
||||
/* if (desc[n].skipfnc */
|
||||
|
@ -83,7 +83,8 @@ int keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *ret_cert);
|
||||
int keybox_get_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int *value);
|
||||
|
||||
int keybox_search_reset (KEYBOX_HANDLE hd);
|
||||
int keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc);
|
||||
int keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
|
||||
size_t *r_descindex);
|
||||
|
||||
|
||||
/*-- keybox-update.c --*/
|
||||
@ -109,8 +110,6 @@ int keybox_compress (KEYBOX_HANDLE hd);
|
||||
|
||||
#if 0
|
||||
int keybox_locate_writable (KEYBOX_HANDLE hd);
|
||||
int keybox_search_reset (KEYBOX_HANDLE hd);
|
||||
int keybox_search (KEYBOX_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc);
|
||||
int keybox_rebuild_cache (void *);
|
||||
#endif
|
||||
|
||||
|
@ -798,7 +798,7 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
|
||||
BUG(); /* we should never see it here */
|
||||
break;
|
||||
case KEYDB_RESOURCE_TYPE_KEYBOX:
|
||||
rc = keybox_search (hd->active[hd->current].u.kr, desc, ndesc);
|
||||
rc = keybox_search (hd->active[hd->current].u.kr, desc, ndesc, NULL);
|
||||
break;
|
||||
}
|
||||
if (rc == -1) /* EOF -> switch to next resource */
|
||||
|
Loading…
x
Reference in New Issue
Block a user