1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-08 12:44:23 +01:00

agent: Fix wrong use of gcry_sexp_build_array

* findkey.c (agent_public_key_from_file): Fix use of
gcry_sexp_build_array.

--
A test case leading to a segv in Libgcrypt is

  gpg-connect-agent \
    "READKEY 9277C5875C8AFFCB727661C18BE4E0A0DEED9260" /bye

The keygrip was created by "monkeysphere s", which has a comment.

gcry_sexp_build_array expects pointers to the arguments which is quite
surprising.  Probably ARG_NEXT was accidentally implemented wrongly.
Anyway, we can't do anything about it and thus need to fix the check
the users of this function.

Some-comments-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
NIIBE Yutaka 2012-10-31 16:09:06 +09:00 committed by Werner Koch
parent 8df89f3e9c
commit 8f8c29d24c

View File

@ -948,15 +948,15 @@ agent_public_key_from_file (ctrl_t ctrl,
{
p = stpcpy (p, "(uri %b)");
assert (argidx+1 < DIM (args));
args[argidx++] = (void *)uri_length;
args[argidx++] = (void *)uri;
args[argidx++] = (void *)&uri_length;
args[argidx++] = (void *)&uri;
}
if (comment)
{
p = stpcpy (p, "(comment %b)");
assert (argidx+1 < DIM (args));
args[argidx++] = (void *)comment_length;
args[argidx++] = (void*)comment;
args[argidx++] = (void *)&comment_length;
args[argidx++] = (void*)&comment;
}
*p++ = ')';
*p = 0;