security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-26 22:29:58 +01:00
Code Activity

gpg: Fix use of uninit.value in listing sig subpkts.

Browse Source 
* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
sanitized.
--

We may not use "%s" to print an arbitrary buffer.  At least "%.*s"
should have been used.  However, it is in general preferable to escape
control characters while printf user data.

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2014-11-24 18:05:45 +01:00
parent 0988764397
commit 596ae9f543
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
g10/parse-packet.c
View File

@ -1151,7 +1151,11 @@ dump_sig_subpkt (int hashed, int type, int critical,
if (!length) if (!length)
p = "[invalid regexp subpacket]"; p = "[invalid regexp subpacket]";
else else
es_fprintf (listfp, "regular expression: \"%s\"", buffer); {
es_fprintf (listfp, "regular expression: \"");
es_write_sanitized (listfp, buffer, length, "\"", NULL);
p = "\"";
}
break; break;
case SIGSUBPKT_REVOCABLE: case SIGSUBPKT_REVOCABLE:
if (length) if (length)