author | NIIBE Yutaka <[email protected]> | 2012-10-31 07:09:06 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2012-11-02 15:32:15 +0000 |
commit | d5c46ac6f447e92722fd7e904bf520b1265a0ce0 (patch) | |
tree | 9aba97c83235b16bb82ee5164ec55cdc89d0c191 | |
parent | SCD: Upon error, open_pcsc_reader_wrapped does same as _direct. (diff) | |
agent: Fix wrong use of gcry_sexp_build_array
* findkey.c (agent_public_key_from_file): Fix use of
gcry_sexp_build_array.
--
A test case leading to a segv in Libgcrypt is
  gpg-connect-agent \
    "READKEY 9277C5875C8AFFCB727661C18BE4E0A0DEED9260" /bye
The keygrip was created by "monkeysphere s", which has a comment.
gcry_sexp_build_array expects pointers to the arguments which is quite
surprising. Probably ARG_NEXT was accidentally implemented wrongly.
Anyway, we can't do anything about it and thus need to fix the check
the users of this function.
Some-comments-by: Werner Koch <[email protected]>
-rw-r--r-- | agent/findkey.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/agent/findkey.c b/agent/findkey.c index 800db88f3..550e40319 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -824,15 +824,15 @@ agent_public_key_from_file (ctrl_t ctrl, { p = stpcpy (p, "(uri %b)"); assert (argidx+1 < DIM (args)); - args[argidx++] = (void *)uri_length; - args[argidx++] = (void *)uri; + args[argidx++] = (void *)&uri_length; + args[argidx++] = (void *)&uri; } if (comment) { p = stpcpy (p, "(comment %b)"); assert (argidx+1 < DIM (args)); - args[argidx++] = (void *)comment_length; - args[argidx++] = (void*)comment; + args[argidx++] = (void *)&comment_length; + args[argidx++] = (void*)&comment; } *p++ = ')'; *p = 0; |
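Review bot: The stores in both the `(uri %b)` and `(comment %b)` branches now hand gcry_sexp_build_array the addresses of uri_length and comment_length, so the type of those variables has to match what %b reads through the pointer, which Libgcrypt documents as an int followed by a char *. Their declarations are not visible in this hunk; if they are size_t, the library would read only part of the object, which happens to work on little-endian targets and breaks on big-endian 64-bit ones, so please confirm they are int or copy them into int temporaries before taking the address. A one-line comment above `args[argidx++] = (void *)&uri_length;` stating that the array holds pointers to the arguments rather than the values would keep the next caller from reintroducing the crash the commit message describes. Minor: assuming args is an array of void * (its declaration is not shown), the casts on the address-of expressions are redundant, and `(void*)&comment` is spaced differently from the other three stores.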