fixed severe format string bug

2025-04-17 15:44:34 +02:00 · 2001-05-25 07:22:34 +00:00 · 2001-05-25 07:22:34 +00:00 · ca284c1000
commit ca284c1000
parent 42df1779cc
13 changed files with 57 additions and 12 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
    * Security fix for a format string bug in the tty code.
 Noteworthy changes in version 1.0.5 (2001-04-29)
 ------------------------------------------------
--- a/1
+++ b/1
@ -44,6 +44,7 @@ Enzo Michelangeli	   em@MailAndNews.com
 Ernst Molitor		   ernst.molitor@uni-bonn.de
 Fabio Coatti		   cova@ferrara.linux.it
 Felix von Leitner	   leitner@amdiv.de
 fish stiqz                 fish@analog.org
 Florian Weimer             Florian.Weimer@rus.uni-stuttgart.de
 Frank Donahoe		   fdonahoe@wilkes1.wilkes.edu
 Frank Heckenbach	   heckenb@mi.uni-erlangen.de
--- a/6
+++ b/6
@ -56,6 +56,12 @@
  * Replace the printing of the user name by [self-signature] when
    appropriate so that a key listing does not get clobbered.
  * "Michael T. Babcock" <mbabcock@fibrespeed.net> suggested to write
    an even log so that other software can display a key history or
    alike with GnuPG results.  This should be connected to the keyrings.
  * Show whether a signature is exportable or not.  In --edit-key and
    in --with-colon listing?
 Scheduled for 1.1
 -----------------
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,16 @@
 2001-05-25  Werner Koch  <wk@gnupg.org>
 	* revoke.c (gen_revoke): Add a cast to a tty_printf arg.
 	* delkey.c (do_delete_key): Ditto.
 	* keyedit.c (print_and_check_one_sig): Ditto.
 	(ask_revoke_sig): Ditto.
 	(menu_revsig): Ditto.
 	(check_all_keysigs): Removed unused arg.
 2001-05-23  Werner Koch  <wk@gnupg.org>
 	* g10.c (opts): Typo fix by Robert C. Ames.
 2001-05-06  Werner Koch  <wk@gnupg.org>
 	* revoke.c: Small typo fix
--- a/g10/delkey.c
+++ b/g10/delkey.c
@ -120,12 +120,12 @@ do_delete_key( const char *username, int secret, int *r_sec_avail )
 	    tty_printf("sec  %4u%c/%08lX %s   ",
 		      nbits_from_sk( sk ),
 		      pubkey_letter( sk->pubkey_algo ),
-		      keyid[1], datestr_from_sk(sk) );
+		      (ulong)keyid[1], datestr_from_sk(sk) );
 	else
 	    tty_printf("pub  %4u%c/%08lX %s   ",
 		      nbits_from_pk( pk ),
 		      pubkey_letter( pk->pubkey_algo ),
-		      keyid[1], datestr_from_pk(pk) );
+		      (ulong)keyid[1], datestr_from_pk(pk) );
 	p = get_user_id( keyid, &n );
 	tty_print_utf8_string( p, n );
 	m_free(p);
--- a/g10/g10.c
+++ b/g10/g10.c
@ -307,7 +307,7 @@ static ARGPARSE_OPTS opts[] = {
    { oCompletesNeeded, "completes-needed", 1, "@"},
    { oMarginalsNeeded, "marginals-needed", 1, "@"},
    { oMaxCertDepth,	"max-cert-depth", 1, "@" },
-    { oTrustedKey, "trusted-key", 2, N_("|KEYID|ulimately trust this key")},
+    { oTrustedKey, "trusted-key", 2, N_("|KEYID|ultimately trust this key")},
    { oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")},
    { oRFC1991, "rfc1991",   0, N_("emulate the mode described in RFC1991")},
    { oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")},
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@ -147,7 +147,7 @@ print_and_check_one_sig( KBNODE keyblock, KBNODE node,
    if( sigrc != '?' || print_without_key ) {
 	tty_printf("%s%c       %08lX %s   ",
 		is_rev? "rev":"sig",
-		sigrc, sig->keyid[1], datestr_from_sig(sig));
+		sigrc, (ulong)sig->keyid[1], datestr_from_sig(sig));
 	if( sigrc == '%' )
 	    tty_printf("[%s] ", g10_errstr(rc) );
 	else if( sigrc == '?' )
@ -218,7 +218,7 @@ check_all_keysigs( KBNODE keyblock, int only_selected )
    if( !has_selfsig )
 	mis_selfsig++;
    if( inv_sigs == 1 )
-	tty_printf(_("1 bad signature\n"), inv_sigs );
+	tty_printf(_("1 bad signature\n") );
    else if( inv_sigs )
 	tty_printf(_("%d bad signatures\n"), inv_sigs );
    if( no_key == 1 )
@ -1797,7 +1797,7 @@ ask_revoke_sig( KBNODE keyblock, KBNODE node )
    tty_print_utf8_string( unode->pkt->pkt.user_id->name,
 			   unode->pkt->pkt.user_id->len );
    tty_printf(_("\"\nsigned with your key %08lX at %s\n"),
-		sig->keyid[1], datestr_from_sig(sig) );
+		(ulong)sig->keyid[1], datestr_from_sig(sig) );
    if( cpr_get_answer_is_yes("ask_revoke_sig.one",
 	 _("Create a revocation certificate for this signature? (y/N)")) ) {
@ -1839,12 +1839,12 @@ menu_revsig( KBNODE keyblock )
 		     !seckey_available( sig->keyid )  ) ) {
 	    if( (sig->sig_class&~3) == 0x10 ) {
 		tty_printf(_("   signed by %08lX at %s\n"),
-			    sig->keyid[1], datestr_from_sig(sig) );
+			    (ulong)sig->keyid[1], datestr_from_sig(sig) );
 		node->flag |= NODFLG_SELSIG;
 	    }
 	    else if( sig->sig_class == 0x30 ) {
 		tty_printf(_("   revoked by %08lX at %s\n"),
-			    sig->keyid[1], datestr_from_sig(sig) );
+			    (ulong)sig->keyid[1], datestr_from_sig(sig) );
 	    }
 	}
    }
@ -1874,7 +1874,7 @@ menu_revsig( KBNODE keyblock )
 	else if( node->pkt->pkttype == PKT_SIGNATURE ) {
 	    sig = node->pkt->pkt.signature;
 	    tty_printf(_("   signed by %08lX at %s\n"),
-			    sig->keyid[1], datestr_from_sig(sig) );
+			    (ulong)sig->keyid[1], datestr_from_sig(sig) );
 	}
    }
    if( !any )
--- a/g10/revoke.c
+++ b/g10/revoke.c
@ -130,7 +130,7 @@ gen_revoke( const char *uname )
    tty_printf("\nsec  %4u%c/%08lX %s   ",
 	      nbits_from_sk( sk ),
 	      pubkey_letter( sk->pubkey_algo ),
-	      sk_keyid[1], datestr_from_sk(sk) );
+	      (ulong)sk_keyid[1], datestr_from_sk(sk) );
    {
 	size_t n;
 	char *p = get_user_id( sk_keyid, &n );
--- a/include/ChangeLog
+++ b/include/ChangeLog
@ -1,3 +1,7 @@
 2001-05-25  Werner Koch  <wk@gnupg.org>
 	* ttyio.h (tty_printf): Add printf attribute.
 2001-04-23  Werner Koch  <wk@gnupg.org>
 	* http.h: New flag HTTP_FLAG_NO_SHUTDOWN.
--- a/include/ttyio.h
+++ b/include/ttyio.h
@ -21,7 +21,11 @@
 #define G10_TTYIO_H
 int tty_batchmode( int onoff );
-void tty_printf( const char *fmt, ... );
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
 void tty_printf (const char *fmt, ... ) __attribute__ ((format (printf,1,2)));
 #else
 void tty_printf  const char *fmt, ... );
 #endif
 void tty_print_string( byte *p, size_t n );
 void tty_print_utf8_string( byte *p, size_t n );
 void tty_print_utf8_string2( byte *p, size_t n, size_t max_n );
--- a/util/ChangeLog
+++ b/util/ChangeLog
@ -1,3 +1,12 @@
 2001-05-25  Werner Koch  <wk@gnupg.org>
 	* ttyio.c (do_get): Fixed a serious format string bug.  Thanks to
 	fish stiqz.
 2001-05-23  Werner Koch  <wk@gnupg.org>
 	* secmem.c (EPERM): Try to work around a Slackware problem.
 2001-05-05  Werner Koch  <wk@gnupg.org>
 	* http.c (http_start_data): Flush before writing.
--- a/util/secmem.c
+++ b/util/secmem.c
@ -42,6 +42,11 @@
 #if defined(MAP_ANON) && !defined(MAP_ANONYMOUS)
  #define MAP_ANONYMOUS MAP_ANON
 #endif
 /* It seems that Slackware 7.1 does not know about EPERM */
 #if !defined(EPERM) && defined(ENOMEM)
  #define EPERM  ENOMEM
 #endif
 #define DEFAULT_POOLSIZE 16384
--- a/util/ttyio.c
+++ b/util/ttyio.c
@ -308,7 +308,7 @@ do_get( const char *prompt, int hidden )
 	init_ttyfp();
    last_prompt_len = 0;
-    tty_printf( prompt );
+    tty_printf( "%s", prompt );
    buf = m_alloc(n=50);
    i = 0;