util/

* secmem.c (init_pool): Avoid assigning a negative value to a
	size_t.
./
	* acinclude.m4: Fix last change.  Make test self-conatined by
	checking for sysconf and getpagesize.  Remove indentation for the
	sake of broken C-89 cpps.

ChangeLog

@@ -1,3 +1,9 @@
+2007-04-16  Werner Koch  <wk@g10code.com>
+
+	* acinclude.m4: Fix last change.  Make test self-conatined by
+	checking for sysconf and getpagesize.  Remove indentation for the
+	sake of broken C-89 cpp.
+
 2007-04-16  David Shaw  <dshaw@jabberwocky.com>
 
 	* configure.ac: Add a HAVE_SHM conditional.

NEWS

@@ -11,7 +11,7 @@ Noteworthy changes in version 1.4.7 (2007-03-05)
       plaintext boundary status tags that GnuPG provides.  This change
       makes GnuPG reject such messages by default which makes those
       programs safe again.  --allow-multiple-messages returns to the
-      old behavior.
+      old behavior. [CVE-2007-1263].
 
     * [W32] The environment variable LANGUAGE may be used to override
       the language given by HKCU\Software\GNU\GnuPG:Lang.  The

acinclude.m4

@@ -384,18 +384,18 @@ define(GNUPG_CHECK_MLOCK,
                     #include <sys/mman.h>
                     #endif
                 ], [
-                    int i;
+ int i;
 
-                    /* glibc defines this for functions which it implements
-                     * to always fail with ENOSYS.  Some functions are actually
-                     * named something starting with __ and the normal name
-                     * is an alias.  */
-                    #if defined (__stub_mlock) || defined (__stub___mlock)
-                    choke me
-                    #else
-                    mlock(&i, 4);
-                    #endif
-                    ; return 0;
+ /* glibc defines this for functions which it implements
+  * to always fail with ENOSYS.  Some functions are actually
+  * named something starting with __ and the normal name
+  * is an alias.  */
+ #if defined (__stub_mlock) || defined (__stub___mlock)
+ choke me
+ #else
+ mlock(&i, 4);
+ #endif
+ ; return 0;
                 ],
                 gnupg_cv_mlock_is_in_sys_mman=yes,
                 gnupg_cv_mlock_is_in_sys_mman=no)])
@@ -406,42 +406,45 @@ define(GNUPG_CHECK_MLOCK,
         fi
     fi
     if test "$ac_cv_func_mlock" = "yes"; then
+        AC_CHECK_FUNCS(sysconf getpagesize)
         AC_MSG_CHECKING(whether mlock is broken)
           AC_CACHE_VAL(gnupg_cv_have_broken_mlock,
              AC_TRY_RUN([
-                #include <stdlib.h>
-                #include <unistd.h>
-                #include <errno.h>
-                #include <sys/mman.h>
-                #include <sys/types.h>
-                #include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <fcntl.h>
 
-                int main()
-                {
-                    char *pool;
-                    int err;
-                    long int pgsize;
+int main()
+{
+    char *pool;
+    int err;
+    long int pgsize;
 
-		#if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)
-                    pgsize = sysconf(_SC_PAGESIZE);
-		#elif defined(HAVE_GETPAGESIZE)
-                    pgsize = getpagesize();
-		#endif
+#if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)
+    pgsize = sysconf(_SC_PAGESIZE);
+#elif defined(HAVE_GETPAGESIZE)
+    pgsize = getpagesize();
+#else
+    pgsize = -1;
+#endif
 
-		    if(pgsize==-1)
-	               pgsize = 4096;
+    if(pgsize==-1)
+       pgsize = 4096;
 
-                    pool = malloc( 4096 + pgsize );
-                    if( !pool )
-                        return 2;
-                    pool += (pgsize - ((long int)pool % pgsize));
+    pool = malloc( 4096 + pgsize );
+    if( !pool )
+        return 2;
+    pool += (pgsize - ((long int)pool % pgsize));
 
-                    err = mlock( pool, 4096 );
-                    if( !err || errno == EPERM )
-                        return 0; /* okay */
+    err = mlock( pool, 4096 );
+    if( !err || errno == EPERM )
+        return 0; /* okay */
 
-                    return 1;  /* hmmm */
-                }
+    return 1;  /* hmmm */
+}
 
             ],
             gnupg_cv_have_broken_mlock="no",

util/ChangeLog

@@ -1,3 +1,8 @@
+2007-04-16  Werner Koch  <wk@g10code.com>
+
+	* secmem.c (init_pool): Avoid assigning a negative value to a
+	size_t.
+
 2007-04-16  David Shaw  <dshaw@jabberwocky.com>
 
 	* secmem.c (init_pool): Use sysconf() if available to determine

util/secmem.c

@@ -219,7 +219,8 @@ lock_pool( void *p, size_t n )
 static void
 init_pool( size_t n)
 {
-    size_t pgsize=-1;
+    long int pgsize_val;
+    size_t pgsize;
 
     poolsize = n;
 
@@ -227,13 +228,14 @@ init_pool( size_t n)
 	log_bug("secure memory is disabled");
 
 #if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)
-    pgsize = sysconf(_SC_PAGESIZE);
+    pgsize_val = sysconf (_SC_PAGESIZE);
 #elif defined(HAVE_GETPAGESIZE)
-    pgsize = getpagesize();
+    pgsize_val = getpagesize ();
+#else
+    pgsize_val = -1;
 #endif
+    pgsize = (pgsize_val != -1 && pgsize_val > 0)? pgsize_val : 4096;
 
-    if(pgsize==-1)
-      pgsize = 4096;
 
 #ifdef HAVE_MMAP
     poolsize = (poolsize + pgsize -1 ) & ~(pgsize-1);