From 4cf3cc6e3d48c8400466ca29c3f1c22ed2da6c2c Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Sun, 26 Nov 2017 18:33:49 +0100
Subject: [PATCH] gpg: Do not read from uninitialized memory with --list-packets.

* g10/parse-packet.c (parse_plaintext): Fill up the allocated NAME.
--
This actually does not harm because we merely display a buffer allocated by ourselves. However, we better tell Valgrind about it so that we don't need to track this thing down ever again.
Test using a corrupted literal data packet:
echo cb 0a 75 ff 59 ae 90 d5 74 65 73 74 | \
undump |\
valgrind gpg --list-packets >/dev/null
Reported-by: Sebastian Schinzel
Signed-off-by: Werner Koch
---
 g10/parse-packet.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 0b6ee8b4e..eee14f64e 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -3087,6 +3087,12 @@ parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
 else
 pt->name[i] = c;
 }
+ /* Fill up NAME so that a check with valgrind won't complain about
+ * reading from uninitalized memory. This case may be triggred by
+ * corrupted packets. */
+ for (; i < namelen; i++)
+ pt->name[i] = 0;
+
 pt->timestamp = read_32 (inp);
 if (pktlen)
 pktlen -= 4;
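Review bot: The new comment has two typos, `uninitalized` and `triggred`, and it states only that the packet is corrupted rather than why bytes of NAME are left unwritten; suggest `/* Fill up NAME so that a check with valgrind won't complain about reading from uninitialized memory. This happens when the read loop above stops early on a truncated (corrupted) packet. */`, with the "stops early" part to be confirmed against the loop start, which lies outside the hunk. The fill loop reuses `i` from that preceding read loop, so the comment is also the place to say that `i` holds the number of name bytes actually read. If `pt->namelen` still reports the declared length after this change, consumers of `pt->name` will see the zero padding as part of the name; recording the count of bytes actually present would let a caller display only real data, but whether that field is set from `namelen` is not visible here. parse_plaintext begins and ends outside the hunk.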