From a50093893cd100c74a32cbacc749aab582154625 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Fri, 26 Mar 2021 14:47:10 +0100
Subject: [PATCH] gpgconf: Fix argv overflow if --homedir is used.
* tools/gpgconf-comp.c (gc_component_launch): Fix crash due to too small array. -- GnuPG-bug-id: 5366 Depending on the stack layout this could have led to zeroing out the PID variable if --homedir was used and thus under Windows to a leaked handle. However, gpgconf is a short running process and thus no really harm.
Co-authored-by: cbiedl@gnupg.com
Signed-off-by: Werner Koch
---
tools/gpgconf-comp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 0618125cf..db3fac698 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -1260,7 +1260,7 @@ gc_component_launch (int component)
 {
 gpg_error_t err;
 const char *pgmname;
- const char *argv[5];
+ const char *argv[6];
 int i;
 pid_t pid;
@@ -1300,6 +1300,7 @@ gc_component_launch (int component)
 argv[i++] = "--dirmngr";
 argv[i++] = "NOP";
 argv[i] = NULL;
+ log_assert (i < DIM(argv));
 err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
 if (!err)
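Review bot: The new bound in `const char *argv[6];` (first hunk) is still a bare literal, and nothing at the declaration says how it is derived. The overflow fixed here came from a code path that filled one more slot than the array had, so the next optional argument added to gc_component_launch can reintroduce it silently. I would add a comment at the declaration such as `/* Worst case: every optional argument plus the terminating NULL. */` and keep it in step with the argument-building code. That code lies between the two hunks and is not visible here, so the exact worst-case count should be confirmed against the full function.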
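Review bot: In the second hunk, `log_assert (i < DIM(argv));` runs after `argv[i] = NULL;`, so when the array is one slot too small the out-of-bounds store has already happened by the time the check fires. That is the same off-by-one this commit fixes, and the stray write could in principle corrupt the state the assertion relies on. Moving the check one line up, `log_assert (i < DIM(argv));` followed by `argv[i] = NULL;`, catches that case before any write past the array. `i` is an `int`; if `DIM` expands to a `sizeof` quotient (its definition is not shown here), the comparison mixes signed and unsigned, and `(size_t)i < DIM(argv)` would make the intent explicit. The function body begins and ends outside this hunk.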