From d19d6e1856c9a1acbf48e8b2e39b3d9171aa9f7f Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 2 Feb 2016 18:18:31 +0100
Subject: [PATCH] common: Make gnupg_exec_tool conform to spec.

* common/exectool.c (gnupg_exec_tool): Allocate extra byte.  Allow
zero length read.  Append hidden byte.  Release memory on error.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 common/exectool.c | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/common/exectool.c b/common/exectool.c
index 766ee94c7..7b3a8f1b5 100644
--- a/common/exectool.c
+++ b/common/exectool.c
@@ -417,24 +417,33 @@ gnupg_exec_tool (const char *pgmname, const char *argv[],
   if (err)
     goto leave;
 
-  *result = xtrymalloc (len);
-  if (*result == NULL)
+  *result = xtrymalloc (len + 1);
+  if (!*result)
     {
       err = my_error_from_syserror ();
       goto leave;
     }
 
-  err = es_read (output, *result, len, &nread);
-  if (! err)
+  if (len)
     {
-      assert (nread == len || !"short read on memstream");
-      if (resultlen)
-        *resultlen = len;
+      err = es_read (output, *result, len, &nread);
+      if (err)
+        goto leave;
+      if (nread != len)
+        log_fatal ("%s: short read from memstream\n", __func__);
     }
+  (*result)[len] = 0;
+
+  if (resultlen)
+    *resultlen = len;
 
  leave:
-  if (input)
-    es_fclose (input);
+  es_fclose (input);
   es_fclose (output);
+  if (err)
+    {
+      xfree (*result);
+      *result = NULL;
+    }
   return err;
 }