Fix potential heap corruption in "gpg -v --version"

* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in certain locales. * util/membuf.c (put_membuf_str): New. (get_membuf): Make LEN optional. -- This fixes an obvious bug in locales where the translated string is longer than the original. The bug could be exhibited by using LANG=ru_RU.utf8 gpg -v --version. En passant we also removed the trailing white space on continued lines. Reported-by: Dmitry V. Levin" <ldv at altlinux.org>
2025-07-03 22:56:33 +02:00 · 2012-12-15 11:28:00 +01:00 · 2012-12-15 11:28:00 +01:00 · e33e74e3a4
commit e33e74e3a4
parent eb541e35b8
4 changed files with 56 additions and 50 deletions
--- a/util/membuf.c
+++ b/util/membuf.c
@ -52,7 +52,7 @@ put_membuf (membuf_t *mb, const void *buf, size_t len)
  if (mb->len + len >= mb->size)
    {
      char *p;
-      
+
      mb->size += len + 1024;
      p = xrealloc (mb->buf, mb->size);
      mb->buf = p;
@ -62,6 +62,13 @@ put_membuf (membuf_t *mb, const void *buf, size_t len)
 }


+void
+put_membuf_str (membuf_t *mb, const char *buf)
+{
+  put_membuf (mb, buf, strlen (buf));
+}
+
+
 void *
 get_membuf (membuf_t *mb, size_t *len)
 {
@ -75,7 +82,8 @@ get_membuf (membuf_t *mb, size_t *len)
    }

  p = mb->buf;
-  *len = mb->len;
+  if (len)
+    *len = mb->len;
  mb->buf = NULL;
  mb->out_of_core = ENOMEM; /* hack to make sure it won't get reused. */
  return p;