diff options
| author | Werner Koch <[email protected]> | 2014-11-24 18:24:47 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2014-11-24 18:27:20 +0000 |
| commit | 1f9dfe1fedad215140011257d9b1bb21bc368179 (patch) | |
| tree | 84a28bdf24fe49e99739785566c5af23d3ca3cb0 | |
| parent | gpg: Fix off-by-one read in the attribute subpacket parser. (diff) | |
| download | gnupg-1f9dfe1fedad215140011257d9b1bb21bc368179.tar.gz gnupg-1f9dfe1fedad215140011257d9b1bb21bc368179.zip | |
gpg: Fix use of uninit.value in listing sig subpkts.
* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
sanitized.
--
We may not use "%s" to print an arbitrary buffer. At least "%.*s"
should have been used. However, it is in general preferable to escape
control characters while printf user data.
Reported-by: Hanno Böck
Signed-off-by: Werner Koch <[email protected]>
(backported from commit 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8)
| -rw-r--r-- | g10/parse-packet.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 99ff7b7b1..63b97f05e 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -972,7 +972,11 @@ dump_sig_subpkt( int hashed, int type, int critical, if(!length) p="[invalid regexp subpacket]"; else - fprintf (listfp, "regular expression: \"%s\"",buffer); + { + fprintf (listfp, "regular expression: \""); + print_string (listfp, buffer, length, '\"'); + p = "\""; + } break; case SIGSUBPKT_REVOCABLE: if( length ) |