mirror of git://git.gnupg.org/gnupg.git synced 2025-03-12 23:01:14 +01:00

fixed severe format string bug

Werner Koch 2001-05-25 07:22:34 +00:00
parent 42df1779cc
commit ca284c1000
13 changed files with 57 additions and 12 deletions

3
NEWS

@ -1,3 +1,6 @@
* Security fix for a format string bug in the tty code.
Noteworthy changes in version 1.0.5 (2001-04-29)
------------------------------------------------

1
THANKS

@ -44,6 +44,7 @@ Enzo Michelangeli em@MailAndNews.com
Ernst Molitor ernst.molitor@uni-bonn.de
Fabio Coatti cova@ferrara.linux.it
Felix von Leitner leitner@amdiv.de
fish stiqz fish@analog.org
Florian Weimer Florian.Weimer@rus.uni-stuttgart.de
Frank Donahoe fdonahoe@wilkes1.wilkes.edu
Frank Heckenbach heckenb@mi.uni-erlangen.de

6
TODO

@ -56,6 +56,12 @@
* Replace the printing of the user name by [self-signature] when
appropriate so that a key listing does not get clobbered.
* "Michael T. Babcock" <mbabcock@fibrespeed.net> suggested to write
an even log so that other software can display a key history or
alike with GnuPG results. This should be connected to the keyrings.
* Show whether a signature is exportable or not. In --edit-key and
in --with-colon listing?
Scheduled for 1.1
-----------------


@ -1,3 +1,16 @@
2001-05-25 Werner Koch <wk@gnupg.org>
* revoke.c (gen_revoke): Add a cast to a tty_printf arg.
* delkey.c (do_delete_key): Ditto.
* keyedit.c (print_and_check_one_sig): Ditto.
(ask_revoke_sig): Ditto.
(menu_revsig): Ditto.
(check_all_keysigs): Removed unused arg.
2001-05-23 Werner Koch <wk@gnupg.org>
* g10.c (opts): Typo fix by Robert C. Ames.
2001-05-06 Werner Koch <wk@gnupg.org>
* revoke.c: Small typo fix


@ -120,12 +120,12 @@ do_delete_key( const char *username, int secret, int *r_sec_avail )
tty_printf("sec %4u%c/%08lX %s ",
nbits_from_sk( sk ),
pubkey_letter( sk->pubkey_algo ),
keyid[1], datestr_from_sk(sk) );
(ulong)keyid[1], datestr_from_sk(sk) );
else
tty_printf("pub %4u%c/%08lX %s ",
nbits_from_pk( pk ),
pubkey_letter( pk->pubkey_algo ),
keyid[1], datestr_from_pk(pk) );
(ulong)keyid[1], datestr_from_pk(pk) );
p = get_user_id( keyid, &n );
tty_print_utf8_string( p, n );
m_free(p);


@ -307,7 +307,7 @@ static ARGPARSE_OPTS opts[] = {
{ oCompletesNeeded, "completes-needed", 1, "@"},
{ oMarginalsNeeded, "marginals-needed", 1, "@"},
{ oMaxCertDepth, "max-cert-depth", 1, "@" },
{ oTrustedKey, "trusted-key", 2, N_("|KEYID|ulimately trust this key")},
{ oTrustedKey, "trusted-key", 2, N_("|KEYID|ultimately trust this key")},
{ oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")},
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
{ oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")},


@ -147,7 +147,7 @@ print_and_check_one_sig( KBNODE keyblock, KBNODE node,
if( sigrc != '?' || print_without_key ) {
tty_printf("%s%c %08lX %s ",
is_rev? "rev":"sig",
sigrc, sig->keyid[1], datestr_from_sig(sig));
sigrc, (ulong)sig->keyid[1], datestr_from_sig(sig));
if( sigrc == '%' )
tty_printf("[%s] ", g10_errstr(rc) );
else if( sigrc == '?' )
@ -218,7 +218,7 @@ check_all_keysigs( KBNODE keyblock, int only_selected )
if( !has_selfsig )
mis_selfsig++;
if( inv_sigs == 1 )
tty_printf(_("1 bad signature\n"), inv_sigs );
tty_printf(_("1 bad signature\n") );
else if( inv_sigs )
tty_printf(_("%d bad signatures\n"), inv_sigs );
if( no_key == 1 )
@ -1797,7 +1797,7 @@ ask_revoke_sig( KBNODE keyblock, KBNODE node )
tty_print_utf8_string( unode->pkt->pkt.user_id->name,
unode->pkt->pkt.user_id->len );
tty_printf(_("\"\nsigned with your key %08lX at %s\n"),
sig->keyid[1], datestr_from_sig(sig) );
(ulong)sig->keyid[1], datestr_from_sig(sig) );
if( cpr_get_answer_is_yes("ask_revoke_sig.one",
_("Create a revocation certificate for this signature? (y/N)")) ) {
@ -1839,12 +1839,12 @@ menu_revsig( KBNODE keyblock )
!seckey_available( sig->keyid ) ) ) {
if( (sig->sig_class&~3) == 0x10 ) {
tty_printf(_(" signed by %08lX at %s\n"),
sig->keyid[1], datestr_from_sig(sig) );
(ulong)sig->keyid[1], datestr_from_sig(sig) );
node->flag |= NODFLG_SELSIG;
}
else if( sig->sig_class == 0x30 ) {
tty_printf(_(" revoked by %08lX at %s\n"),
sig->keyid[1], datestr_from_sig(sig) );
(ulong)sig->keyid[1], datestr_from_sig(sig) );
}
}
}
@ -1874,7 +1874,7 @@ menu_revsig( KBNODE keyblock )
else if( node->pkt->pkttype == PKT_SIGNATURE ) {
sig = node->pkt->pkt.signature;
tty_printf(_(" signed by %08lX at %s\n"),
sig->keyid[1], datestr_from_sig(sig) );
(ulong)sig->keyid[1], datestr_from_sig(sig) );
}
}
if( !any )
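Review bot: In the check_all_keysigs hunk, `tty_printf(_("1 bad signature\n") );` passes the translated string as the format with no arguments behind it, so the format text comes from the message catalog rather than from a literal. A stray `%` in a translation would then be read as a conversion with nothing to consume, which is the same class of problem this commit fixes in do_get. Passing the message as data, `tty_printf("%s", _("1 bad signature\n"));`, prints the same text and removes that dependency. The function continues outside the hunk (the `no_key == 1` branch is visible), and its other singular-form messages likely deserve the same treatment.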


@ -130,7 +130,7 @@ gen_revoke( const char *uname )
tty_printf("\nsec %4u%c/%08lX %s ",
nbits_from_sk( sk ),
pubkey_letter( sk->pubkey_algo ),
sk_keyid[1], datestr_from_sk(sk) );
(ulong)sk_keyid[1], datestr_from_sk(sk) );
{
size_t n;
char *p = get_user_id( sk_keyid, &n );


@ -1,3 +1,7 @@
2001-05-25 Werner Koch <wk@gnupg.org>
* ttyio.h (tty_printf): Add printf attribute.
2001-04-23 Werner Koch <wk@gnupg.org>
* http.h: New flag HTTP_FLAG_NO_SHUTDOWN.


@ -21,7 +21,11 @@
#define G10_TTYIO_H
int tty_batchmode( int onoff );
void tty_printf( const char *fmt, ... );
#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
void tty_printf (const char *fmt, ... ) __attribute__ ((format (printf,1,2)));
#else
void tty_printf const char *fmt, ... );
#endif
void tty_print_string( byte *p, size_t n );
void tty_print_utf8_string( byte *p, size_t n );
void tty_print_utf8_string2( byte *p, size_t n, size_t max_n );
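Review bot: The `#else` fallback prototype is shown as `void tty_printf const char *fmt, ... );`, with the opening parenthesis missing, so a compiler that takes this branch (non-GCC, or GCC older than 2.5) would fail on every file that includes ttyio.h. If that is what the commit contains rather than an artefact of this page, the line should read `void tty_printf (const char *fmt, ... );`. GCC builds never compile the branch, so the breakage would go unnoticed there.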


@ -1,3 +1,12 @@
2001-05-25 Werner Koch <wk@gnupg.org>
* ttyio.c (do_get): Fixed a serious format string bug. Thanks to
fish stiqz.
2001-05-23 Werner Koch <wk@gnupg.org>
* secmem.c (EPERM): Try to work around a Slackware problem.
2001-05-05 Werner Koch <wk@gnupg.org>
* http.c (http_start_data): Flush before writing.


@ -42,6 +42,11 @@
#if defined(MAP_ANON) && !defined(MAP_ANONYMOUS)
#define MAP_ANONYMOUS MAP_ANON
#endif
/* It seems that Slackware 7.1 does not know about EPERM */
#if !defined(EPERM) && defined(ENOMEM)
#define EPERM ENOMEM
#endif
#define DEFAULT_POOLSIZE 16384
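Review bot: Defining `EPERM` as `ENOMEM` makes the two codes indistinguishable in this file, so any `errno == EPERM` test would also match an out-of-memory failure. The code that uses EPERM is outside this hunk; if it is the memory-locking error path, a lock that fails on a resource limit would presumably be handled as a permission problem, which matters for a secure-memory pool. A narrower workaround is to guard the comparison itself with `#ifdef EPERM`. It is also worth confirming that `<errno.h>` is included before this check, since a missing include would produce the same symptom. The comment could state the trade-off, for example `/* Slackware 7.1: EPERM undefined; this alias hides the EPERM/ENOMEM distinction */`.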


@ -308,7 +308,7 @@ do_get( const char *prompt, int hidden )
init_ttyfp();
last_prompt_len = 0;
tty_printf( prompt );
tty_printf( "%s", prompt );
buf = m_alloc(n=50);
i = 0;