gpg: Fix use of uninit.value in listing sig subpkts.

* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket sanitized. -- We may not use "%s" to print an arbitrary buffer. At least "%.*s" should have been used. However, it is in general preferable to escape control characters while printf user data. Reported-by: Hanno Böck Signed-off-by: Werner Koch <wk@gnupg.org>
2025-03-25 22:19:59 +01:00 · 2014-11-24 18:05:45 +01:00 · 2014-11-24 18:05:45 +01:00 · 596ae9f543
commit 596ae9f543
parent 0988764397
1 changed files with 5 additions and 1 deletions
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@ -1151,7 +1151,11 @@ dump_sig_subpkt (int hashed, int type, int critical,
      if (!length)
 	p = "[invalid regexp subpacket]";
      else
-	es_fprintf (listfp, "regular expression: \"%s\"", buffer);
+        {
+          es_fprintf (listfp, "regular expression: \"");
+          es_write_sanitized (listfp, buffer, length, "\"", NULL);
+          p = "\"";
+        }
      break;
    case SIGSUBPKT_REVOCABLE:
      if (length)