From 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 24 Nov 2014 18:05:45 +0100
Subject: [PATCH] gpg: Fix use of uninit.value in listing sig subpkts.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
sanitized.
--

We may not use "%s" to print an arbitrary buffer.  At least "%.*s"
should have been used.  However, it is in general preferable to escape
control characters while printf user data.

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
---
 g10/parse-packet.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index f75e21ccb..58cb1c45e 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1151,7 +1151,11 @@ dump_sig_subpkt (int hashed, int type, int critical,
       if (!length)
 	p = "[invalid regexp subpacket]";
       else
-	es_fprintf (listfp, "regular expression: \"%s\"", buffer);
+        {
+          es_fprintf (listfp, "regular expression: \"");
+          es_write_sanitized (listfp, buffer, length, "\"", NULL);
+          p = "\"";
+        }
       break;
     case SIGSUBPKT_REVOCABLE:
       if (length)