diff options
| author | Werner Koch <[email protected]> | 2001-05-25 07:22:34 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2001-05-25 07:22:34 +0000 |
| commit | ca284c1000b2417d6b9d57219788309619ba1a31 (patch) | |
| tree | 58eaa8559787c44861df5d8b2c1c00aceb33b0a6 | |
| parent | small correction (diff) | |
| download | gnupg-ca284c1000b2417d6b9d57219788309619ba1a31.tar.gz gnupg-ca284c1000b2417d6b9d57219788309619ba1a31.zip | |
fixed severe format string bug
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | THANKS | 1 | ||||
| -rw-r--r-- | TODO | 6 | ||||
| -rw-r--r-- | g10/ChangeLog | 13 | ||||
| -rw-r--r-- | g10/delkey.c | 4 | ||||
| -rw-r--r-- | g10/g10.c | 2 | ||||
| -rw-r--r-- | g10/keyedit.c | 12 | ||||
| -rw-r--r-- | g10/revoke.c | 2 | ||||
| -rw-r--r-- | include/ChangeLog | 4 | ||||
| -rw-r--r-- | include/ttyio.h | 6 | ||||
| -rw-r--r-- | util/ChangeLog | 9 | ||||
| -rw-r--r-- | util/secmem.c | 5 | ||||
| -rw-r--r-- | util/ttyio.c | 2 |
13 files changed, 57 insertions, 12 deletions
@@ -1,3 +1,6 @@ + + * Security fix for a format string bug in the tty code. + Noteworthy changes in version 1.0.5 (2001-04-29) ------------------------------------------------ @@ -44,6 +44,7 @@ Enzo Michelangeli [email protected] Ernst Molitor [email protected] Fabio Coatti [email protected] Felix von Leitner [email protected] +fish stiqz [email protected] Florian Weimer [email protected] Frank Donahoe [email protected] Frank Heckenbach [email protected] @@ -56,6 +56,12 @@ * Replace the printing of the user name by [self-signature] when appropriate so that a key listing does not get clobbered. + * "Michael T. Babcock" <[email protected]> suggested to write + an even log so that other software can display a key history or + alike with GnuPG results. This should be connected to the keyrings. + + * Show whether a signature is exportable or not. In --edit-key and + in --with-colon listing? Scheduled for 1.1 ----------------- diff --git a/g10/ChangeLog b/g10/ChangeLog index e1b8d7af0..e1daa0050 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,16 @@ +2001-05-25 Werner Koch <[email protected]> + + * revoke.c (gen_revoke): Add a cast to a tty_printf arg. + * delkey.c (do_delete_key): Ditto. + * keyedit.c (print_and_check_one_sig): Ditto. + (ask_revoke_sig): Ditto. + (menu_revsig): Ditto. + (check_all_keysigs): Removed unused arg. + +2001-05-23 Werner Koch <[email protected]> + + * g10.c (opts): Typo fix by Robert C. Ames. + 2001-05-06 Werner Koch <[email protected]> * revoke.c: Small typo fix diff --git a/g10/delkey.c b/g10/delkey.c index f6ff3a54c..784fe03bf 100644 --- a/g10/delkey.c +++ b/g10/delkey.c @@ -120,12 +120,12 @@ do_delete_key( const char *username, int secret, int *r_sec_avail ) tty_printf("sec %4u%c/%08lX %s ", nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ), - keyid[1], datestr_from_sk(sk) ); + (ulong)keyid[1], datestr_from_sk(sk) ); else tty_printf("pub %4u%c/%08lX %s ", nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ), - keyid[1], datestr_from_pk(pk) ); + (ulong)keyid[1], datestr_from_pk(pk) ); p = get_user_id( keyid, &n ); tty_print_utf8_string( p, n ); m_free(p); @@ -307,7 +307,7 @@ static ARGPARSE_OPTS opts[] = { { oCompletesNeeded, "completes-needed", 1, "@"}, { oMarginalsNeeded, "marginals-needed", 1, "@"}, { oMaxCertDepth, "max-cert-depth", 1, "@" }, - { oTrustedKey, "trusted-key", 2, N_("|KEYID|ulimately trust this key")}, + { oTrustedKey, "trusted-key", 2, N_("|KEYID|ultimately trust this key")}, { oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")}, { oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")}, { oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")}, diff --git a/g10/keyedit.c b/g10/keyedit.c index b58c750a7..ca141b4a4 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -147,7 +147,7 @@ print_and_check_one_sig( KBNODE keyblock, KBNODE node, if( sigrc != '?' || print_without_key ) { tty_printf("%s%c %08lX %s ", is_rev? "rev":"sig", - sigrc, sig->keyid[1], datestr_from_sig(sig)); + sigrc, (ulong)sig->keyid[1], datestr_from_sig(sig)); if( sigrc == '%' ) tty_printf("[%s] ", g10_errstr(rc) ); else if( sigrc == '?' ) @@ -218,7 +218,7 @@ check_all_keysigs( KBNODE keyblock, int only_selected ) if( !has_selfsig ) mis_selfsig++; if( inv_sigs == 1 ) - tty_printf(_("1 bad signature\n"), inv_sigs ); + tty_printf(_("1 bad signature\n") ); else if( inv_sigs ) tty_printf(_("%d bad signatures\n"), inv_sigs ); if( no_key == 1 ) @@ -1797,7 +1797,7 @@ ask_revoke_sig( KBNODE keyblock, KBNODE node ) tty_print_utf8_string( unode->pkt->pkt.user_id->name, unode->pkt->pkt.user_id->len ); tty_printf(_("\"\nsigned with your key %08lX at %s\n"), - sig->keyid[1], datestr_from_sig(sig) ); + (ulong)sig->keyid[1], datestr_from_sig(sig) ); if( cpr_get_answer_is_yes("ask_revoke_sig.one", _("Create a revocation certificate for this signature? (y/N)")) ) { @@ -1839,12 +1839,12 @@ menu_revsig( KBNODE keyblock ) !seckey_available( sig->keyid ) ) ) { if( (sig->sig_class&~3) == 0x10 ) { tty_printf(_(" signed by %08lX at %s\n"), - sig->keyid[1], datestr_from_sig(sig) ); + (ulong)sig->keyid[1], datestr_from_sig(sig) ); node->flag |= NODFLG_SELSIG; } else if( sig->sig_class == 0x30 ) { tty_printf(_(" revoked by %08lX at %s\n"), - sig->keyid[1], datestr_from_sig(sig) ); + (ulong)sig->keyid[1], datestr_from_sig(sig) ); } } } @@ -1874,7 +1874,7 @@ menu_revsig( KBNODE keyblock ) else if( node->pkt->pkttype == PKT_SIGNATURE ) { sig = node->pkt->pkt.signature; tty_printf(_(" signed by %08lX at %s\n"), - sig->keyid[1], datestr_from_sig(sig) ); + (ulong)sig->keyid[1], datestr_from_sig(sig) ); } } if( !any ) diff --git a/g10/revoke.c b/g10/revoke.c index 9890ec068..ef98dc235 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -130,7 +130,7 @@ gen_revoke( const char *uname ) tty_printf("\nsec %4u%c/%08lX %s ", nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ), - sk_keyid[1], datestr_from_sk(sk) ); + (ulong)sk_keyid[1], datestr_from_sk(sk) ); { size_t n; char *p = get_user_id( sk_keyid, &n ); diff --git a/include/ChangeLog b/include/ChangeLog index 4edc52167..8d0b95844 100644 --- a/include/ChangeLog +++ b/include/ChangeLog @@ -1,3 +1,7 @@ +2001-05-25 Werner Koch <[email protected]> + + * ttyio.h (tty_printf): Add printf attribute. + 2001-04-23 Werner Koch <[email protected]> * http.h: New flag HTTP_FLAG_NO_SHUTDOWN. diff --git a/include/ttyio.h b/include/ttyio.h index 7341b323b..3202a47d8 100644 --- a/include/ttyio.h +++ b/include/ttyio.h @@ -21,7 +21,11 @@ #define G10_TTYIO_H int tty_batchmode( int onoff ); -void tty_printf( const char *fmt, ... ); +#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ) + void tty_printf (const char *fmt, ... ) __attribute__ ((format (printf,1,2))); +#else + void tty_printf const char *fmt, ... ); +#endif void tty_print_string( byte *p, size_t n ); void tty_print_utf8_string( byte *p, size_t n ); void tty_print_utf8_string2( byte *p, size_t n, size_t max_n ); diff --git a/util/ChangeLog b/util/ChangeLog index 6d34f4c4a..e9d8da7b7 100644 --- a/util/ChangeLog +++ b/util/ChangeLog @@ -1,3 +1,12 @@ +2001-05-25 Werner Koch <[email protected]> + + * ttyio.c (do_get): Fixed a serious format string bug. Thanks to + fish stiqz. + +2001-05-23 Werner Koch <[email protected]> + + * secmem.c (EPERM): Try to work around a Slackware problem. + 2001-05-05 Werner Koch <[email protected]> * http.c (http_start_data): Flush before writing. diff --git a/util/secmem.c b/util/secmem.c index 80d328ae2..acf73e40f 100644 --- a/util/secmem.c +++ b/util/secmem.c @@ -42,6 +42,11 @@ #if defined(MAP_ANON) && !defined(MAP_ANONYMOUS) #define MAP_ANONYMOUS MAP_ANON #endif +/* It seems that Slackware 7.1 does not know about EPERM */ +#if !defined(EPERM) && defined(ENOMEM) + #define EPERM ENOMEM +#endif + #define DEFAULT_POOLSIZE 16384 diff --git a/util/ttyio.c b/util/ttyio.c index 4952ac6f0..a343060d7 100644 --- a/util/ttyio.c +++ b/util/ttyio.c @@ -308,7 +308,7 @@ do_get( const char *prompt, int hidden ) init_ttyfp(); last_prompt_len = 0; - tty_printf( prompt ); + tty_printf( "%s", prompt ); buf = m_alloc(n=50); i = 0; |