Replace use of variable-length-arrays.

* common/t-iobuf.c (main): Replace variable-length-array. * g10/gpgcompose.c (mksubpkt_callback): Ditto. (encrypted): Ditto. * g10/t-stutter.c (log_hexdump): Ditto. (oracle_test): Ditto. * g10/tofu.c (get_policy): Ditto. Use "%zu" for size_t. * scd/app-openpgp.c (ecc_writekey): Replace variable-length-array. Check for zero length OID_LEN. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-02 13:29:18 +01:00 · 2017-01-02 13:29:18 +01:00 · 6b84ecbf31
parent c52930d11f
commit 6b84ecbf31
5 changed files with 42 additions and 18 deletions
--- a/common/t-iobuf.c
+++ b/common/t-iobuf.c
@ -362,10 +362,12 @@ main (int argc, char *argv[])
  {
    iobuf_t iobuf;
    int rc;
-    char *content = "0123456789";
+    char content[] = "0123456789";
    int n;
    int c;
-    char buffer[strlen (content)];
+    char buffer[10];
+
+    assert (sizeof buffer == sizeof content - 1);

    iobuf = iobuf_temp_with_content (content, strlen (content));
    assert (iobuf);
--- a/g10/gpgcompose.c
+++ b/g10/gpgcompose.c
@ -1654,13 +1654,17 @@ mksubpkt_callback (PKT_signature *sig, void *cookie)

  if (si->reason_for_revocation)
    {
-      int l = 1 + strlen (si->reason_for_revocation);
-      char buf[l];
+      int len = 1 + strlen (si->reason_for_revocation);
+      char *buf;
+
+      buf = xmalloc (len);

      buf[0] = si->reason_for_revocation_code;
-      memcpy (&buf[1], si->reason_for_revocation, l - 1);
+      memcpy (&buf[1], si->reason_for_revocation, len - 1);

-      build_sig_subpkt (sig, SIGSUBPKT_REVOC_REASON, buf, l);
+      build_sig_subpkt (sig, SIGSUBPKT_REVOC_REASON, buf, len);
+
+      xfree (buf);
    }

  if (si->features)
@ -2540,10 +2544,13 @@ encrypted (const char *option, int argc, char *argv[], void *cookie)

  if (do_debug)
    {
-      char buf[2 * session_key.keylen + 1];
+      char *buf;
+
+      buf = xmalloc (2 * session_key.keylen + 1);
      debug ("session key: algo: %d; keylen: %d; key: %s\n",
             session_key.algo, session_key.keylen,
             bin2hex (session_key.key, session_key.keylen, buf));
+      xfree (buf);
    }

  if (strcmp (option, "--encrypted-mdc") == 0)
--- a/g10/t-stutter.c
+++ b/g10/t-stutter.c
@ -68,8 +68,8 @@ log_hexdump (byte *buffer, int length)
    {
      int have = length > 16 ? 16 : length;
      int i;
-      char formatted[2 * have + 1];
-      char text[have + 1];
+      char formatted[2 * 16 + 1];
+      char text[16 + 1];

      fprintf (stderr, "%-8d ", written);
      bin2hex (buffer, have, formatted);
@ -87,10 +87,12 @@ log_hexdump (byte *buffer, int length)
        }

      for (i = 0; i < have; i ++)
-        if (isprint (buffer[i]))
-          text[i] = buffer[i];
-        else
-          text[i] = '.';
+        {
+          if (isprint (buffer[i]))
+            text[i] = buffer[i];
+          else
+            text[i] = '.';
+        }
      text[i] = 0;

      fprintf (stderr, "    ");
@ -347,8 +349,9 @@ oracle (int debug, byte *ciphertext, int len, byte **plaintextp, byte **cfbp)
 static int
 oracle_test (unsigned int d, int b, int debug)
 {
-  byte probe[blocksize + 2];
+  byte probe[32 + 2];

+  log_assert (blocksize + 2 <= sizeof probe);
  log_assert (d < 256 * 256);

  if (b == 1)
--- a/g10/tofu.c
+++ b/g10/tofu.c
@ -2457,16 +2457,16 @@ get_policy (tofu_dbs_t dbs, PKT_public_key *pk,
  /* See if the key is signed by an ultimately trusted key.  */
  {
    int fingerprint_raw_len = strlen (fingerprint) / 2;
-    char fingerprint_raw[fingerprint_raw_len];
+    char fingerprint_raw[20];
    int len = 0;

-    if (fingerprint_raw_len != 20
+    if (fingerprint_raw_len != sizeof fingerprint_raw
        || ((len = hex2bin (fingerprint,
                            fingerprint_raw, fingerprint_raw_len))
            != strlen (fingerprint)))
      {
        if (DBG_TRUST)
-          log_debug ("TOFU: Bad fingerprint: %s (len: %zd, parsed: %d)\n",
+          log_debug ("TOFU: Bad fingerprint: %s (len: %zu, parsed: %d)\n",
                     fingerprint, strlen (fingerprint), len);
      }
    else
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@ -3580,11 +3580,23 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
    {
      if (app->app_local->extcap.algo_attr_change)
        {
-          unsigned char keyattr[oid_len];
+          unsigned char *keyattr;

+          if (!oid_len)
+            {
+              err = gpg_error (GPG_ERR_INTERNAL);
+              goto leave;
+            }
+          keyattr = xtrymalloc (oid_len);
+          if (!keyattr)
+            {
+              err = gpg_error_from_syserror ();
+              goto leave;
+            }
          keyattr[0] = algo;
          memcpy (keyattr+1, oidbuf+1, oid_len-1);
          err = change_keyattr (app, keyno, keyattr, oid_len, pincb, pincb_arg);
+          xfree (keyattr);
          if (err)
            goto leave;
        }