1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

agent: Do not place a trailing NUL byte on S-expressions

* agent/pkdecrypt.c (agent_pkdecrypt): Avoid appending a trailing NUL
byte at the end of the generated S-expression.

--

In many cases, a canonical S-expression may have an embedded NUL
anyway (especially if it contains raw cryptographic key material or
other high-entropy bytestrings), so trying to treat a canonical
S-expression as a C string is likely to be dangerous -- better to not
leave any such expectations.

With the previous commit addressing the otherwise brittle consumers of
pkdecrypt, this should now be safe to do.

GnuPG-bug-id: 4652
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
Daniel Kahn Gillmor 2019-07-24 19:26:10 -04:00
parent fdd1567743
commit efffd9907b

View File

@ -95,7 +95,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
put_membuf_printf (outbuf, "(5:value%u:", (unsigned int)len); put_membuf_printf (outbuf, "(5:value%u:", (unsigned int)len);
put_membuf (outbuf, buf, len); put_membuf (outbuf, buf, len);
put_membuf (outbuf, ")", 2); put_membuf (outbuf, ")", 1);
} }
else else
{ /* No smartcard, but a private key */ { /* No smartcard, but a private key */
@ -130,7 +130,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
part. Turn it into a complete S-expression. */ part. Turn it into a complete S-expression. */
put_membuf (outbuf, "(5:value", 8); put_membuf (outbuf, "(5:value", 8);
put_membuf (outbuf, buf, len); put_membuf (outbuf, buf, len);
put_membuf (outbuf, ")", 2); put_membuf (outbuf, ")", 1);
} }
} }