mirror of
git://git.gnupg.org/gnupg.git
synced 2025-03-12 23:01:14 +01:00
fixed severe format string bug
This commit is contained in:
parent
42df1779cc
commit
ca284c1000
3
NEWS
3
NEWS
@ -1,3 +1,6 @@
|
||||
|
||||
* Security fix for a format string bug in the tty code.
|
||||
|
||||
Noteworthy changes in version 1.0.5 (2001-04-29)
|
||||
------------------------------------------------
|
||||
|
||||
|
1
THANKS
1
THANKS
@ -44,6 +44,7 @@ Enzo Michelangeli em@MailAndNews.com
|
||||
Ernst Molitor ernst.molitor@uni-bonn.de
|
||||
Fabio Coatti cova@ferrara.linux.it
|
||||
Felix von Leitner leitner@amdiv.de
|
||||
fish stiqz fish@analog.org
|
||||
Florian Weimer Florian.Weimer@rus.uni-stuttgart.de
|
||||
Frank Donahoe fdonahoe@wilkes1.wilkes.edu
|
||||
Frank Heckenbach heckenb@mi.uni-erlangen.de
|
||||
|
6
TODO
6
TODO
@ -56,6 +56,12 @@
|
||||
* Replace the printing of the user name by [self-signature] when
|
||||
appropriate so that a key listing does not get clobbered.
|
||||
|
||||
* "Michael T. Babcock" <mbabcock@fibrespeed.net> suggested to write
|
||||
an even log so that other software can display a key history or
|
||||
alike with GnuPG results. This should be connected to the keyrings.
|
||||
|
||||
* Show whether a signature is exportable or not. In --edit-key and
|
||||
in --with-colon listing?
|
||||
|
||||
Scheduled for 1.1
|
||||
-----------------
|
||||
|
@ -1,3 +1,16 @@
|
||||
2001-05-25 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* revoke.c (gen_revoke): Add a cast to a tty_printf arg.
|
||||
* delkey.c (do_delete_key): Ditto.
|
||||
* keyedit.c (print_and_check_one_sig): Ditto.
|
||||
(ask_revoke_sig): Ditto.
|
||||
(menu_revsig): Ditto.
|
||||
(check_all_keysigs): Removed unused arg.
|
||||
|
||||
2001-05-23 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* g10.c (opts): Typo fix by Robert C. Ames.
|
||||
|
||||
2001-05-06 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* revoke.c: Small typo fix
|
||||
|
@ -120,12 +120,12 @@ do_delete_key( const char *username, int secret, int *r_sec_avail )
|
||||
tty_printf("sec %4u%c/%08lX %s ",
|
||||
nbits_from_sk( sk ),
|
||||
pubkey_letter( sk->pubkey_algo ),
|
||||
keyid[1], datestr_from_sk(sk) );
|
||||
(ulong)keyid[1], datestr_from_sk(sk) );
|
||||
else
|
||||
tty_printf("pub %4u%c/%08lX %s ",
|
||||
nbits_from_pk( pk ),
|
||||
pubkey_letter( pk->pubkey_algo ),
|
||||
keyid[1], datestr_from_pk(pk) );
|
||||
(ulong)keyid[1], datestr_from_pk(pk) );
|
||||
p = get_user_id( keyid, &n );
|
||||
tty_print_utf8_string( p, n );
|
||||
m_free(p);
|
||||
|
@ -307,7 +307,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oCompletesNeeded, "completes-needed", 1, "@"},
|
||||
{ oMarginalsNeeded, "marginals-needed", 1, "@"},
|
||||
{ oMaxCertDepth, "max-cert-depth", 1, "@" },
|
||||
{ oTrustedKey, "trusted-key", 2, N_("|KEYID|ulimately trust this key")},
|
||||
{ oTrustedKey, "trusted-key", 2, N_("|KEYID|ultimately trust this key")},
|
||||
{ oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")},
|
||||
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
|
||||
{ oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")},
|
||||
|
@ -147,7 +147,7 @@ print_and_check_one_sig( KBNODE keyblock, KBNODE node,
|
||||
if( sigrc != '?' || print_without_key ) {
|
||||
tty_printf("%s%c %08lX %s ",
|
||||
is_rev? "rev":"sig",
|
||||
sigrc, sig->keyid[1], datestr_from_sig(sig));
|
||||
sigrc, (ulong)sig->keyid[1], datestr_from_sig(sig));
|
||||
if( sigrc == '%' )
|
||||
tty_printf("[%s] ", g10_errstr(rc) );
|
||||
else if( sigrc == '?' )
|
||||
@ -218,7 +218,7 @@ check_all_keysigs( KBNODE keyblock, int only_selected )
|
||||
if( !has_selfsig )
|
||||
mis_selfsig++;
|
||||
if( inv_sigs == 1 )
|
||||
tty_printf(_("1 bad signature\n"), inv_sigs );
|
||||
tty_printf(_("1 bad signature\n") );
|
||||
else if( inv_sigs )
|
||||
tty_printf(_("%d bad signatures\n"), inv_sigs );
|
||||
if( no_key == 1 )
|
||||
@ -1797,7 +1797,7 @@ ask_revoke_sig( KBNODE keyblock, KBNODE node )
|
||||
tty_print_utf8_string( unode->pkt->pkt.user_id->name,
|
||||
unode->pkt->pkt.user_id->len );
|
||||
tty_printf(_("\"\nsigned with your key %08lX at %s\n"),
|
||||
sig->keyid[1], datestr_from_sig(sig) );
|
||||
(ulong)sig->keyid[1], datestr_from_sig(sig) );
|
||||
|
||||
if( cpr_get_answer_is_yes("ask_revoke_sig.one",
|
||||
_("Create a revocation certificate for this signature? (y/N)")) ) {
|
||||
@ -1839,12 +1839,12 @@ menu_revsig( KBNODE keyblock )
|
||||
!seckey_available( sig->keyid ) ) ) {
|
||||
if( (sig->sig_class&~3) == 0x10 ) {
|
||||
tty_printf(_(" signed by %08lX at %s\n"),
|
||||
sig->keyid[1], datestr_from_sig(sig) );
|
||||
(ulong)sig->keyid[1], datestr_from_sig(sig) );
|
||||
node->flag |= NODFLG_SELSIG;
|
||||
}
|
||||
else if( sig->sig_class == 0x30 ) {
|
||||
tty_printf(_(" revoked by %08lX at %s\n"),
|
||||
sig->keyid[1], datestr_from_sig(sig) );
|
||||
(ulong)sig->keyid[1], datestr_from_sig(sig) );
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1874,7 +1874,7 @@ menu_revsig( KBNODE keyblock )
|
||||
else if( node->pkt->pkttype == PKT_SIGNATURE ) {
|
||||
sig = node->pkt->pkt.signature;
|
||||
tty_printf(_(" signed by %08lX at %s\n"),
|
||||
sig->keyid[1], datestr_from_sig(sig) );
|
||||
(ulong)sig->keyid[1], datestr_from_sig(sig) );
|
||||
}
|
||||
}
|
||||
if( !any )
|
||||
|
@ -130,7 +130,7 @@ gen_revoke( const char *uname )
|
||||
tty_printf("\nsec %4u%c/%08lX %s ",
|
||||
nbits_from_sk( sk ),
|
||||
pubkey_letter( sk->pubkey_algo ),
|
||||
sk_keyid[1], datestr_from_sk(sk) );
|
||||
(ulong)sk_keyid[1], datestr_from_sk(sk) );
|
||||
{
|
||||
size_t n;
|
||||
char *p = get_user_id( sk_keyid, &n );
|
||||
|
@ -1,3 +1,7 @@
|
||||
2001-05-25 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* ttyio.h (tty_printf): Add printf attribute.
|
||||
|
||||
2001-04-23 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* http.h: New flag HTTP_FLAG_NO_SHUTDOWN.
|
||||
|
@ -21,7 +21,11 @@
|
||||
#define G10_TTYIO_H
|
||||
|
||||
int tty_batchmode( int onoff );
|
||||
void tty_printf( const char *fmt, ... );
|
||||
#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
|
||||
void tty_printf (const char *fmt, ... ) __attribute__ ((format (printf,1,2)));
|
||||
#else
|
||||
void tty_printf const char *fmt, ... );
|
||||
#endif
|
||||
void tty_print_string( byte *p, size_t n );
|
||||
void tty_print_utf8_string( byte *p, size_t n );
|
||||
void tty_print_utf8_string2( byte *p, size_t n, size_t max_n );
|
||||
|
@ -1,3 +1,12 @@
|
||||
2001-05-25 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* ttyio.c (do_get): Fixed a serious format string bug. Thanks to
|
||||
fish stiqz.
|
||||
|
||||
2001-05-23 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* secmem.c (EPERM): Try to work around a Slackware problem.
|
||||
|
||||
2001-05-05 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* http.c (http_start_data): Flush before writing.
|
||||
|
@ -42,6 +42,11 @@
|
||||
#if defined(MAP_ANON) && !defined(MAP_ANONYMOUS)
|
||||
#define MAP_ANONYMOUS MAP_ANON
|
||||
#endif
|
||||
/* It seems that Slackware 7.1 does not know about EPERM */
|
||||
#if !defined(EPERM) && defined(ENOMEM)
|
||||
#define EPERM ENOMEM
|
||||
#endif
|
||||
|
||||
|
||||
#define DEFAULT_POOLSIZE 16384
|
||||
|
||||
|
@ -308,7 +308,7 @@ do_get( const char *prompt, int hidden )
|
||||
init_ttyfp();
|
||||
|
||||
last_prompt_len = 0;
|
||||
tty_printf( prompt );
|
||||
tty_printf( "%s", prompt );
|
||||
buf = m_alloc(n=50);
|
||||
i = 0;
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user