authorWerner Koch <[email protected]>2001-06-06 18:58:05 +0000
committerWerner Koch <[email protected]>2001-06-06 18:58:05 +0000
commite38f5c8326b2a4f772cfaf6422dae6fb886dc190 (patch)
treeb87481ce5e5c67fe87373aa0b869226615610871
parenttypo fixed (diff)
Fixed a possible W32 bufferoverflow
-rw-r--r--THANKS1
-rw-r--r--TODO2
-rw-r--r--VERSION2
-rw-r--r--checks/ChangeLog4
-rwxr-xr-xchecks/multisig.test4
-rw-r--r--gnupg.txt98
-rw-r--r--include/ChangeLog6
-rw-r--r--include/http.h2
-rw-r--r--include/ttyio.h2
-rw-r--r--include/util.h4
-rw-r--r--util/ChangeLog10
-rw-r--r--util/dotlock.c4
-rw-r--r--util/strgutil.c99
-rw-r--r--util/ttyio.c36
14 files changed, 240 insertions, 34 deletions
diff --git a/THANKS b/THANKS
index e1dca3c02..64682cd83 100644
--- a/THANKS
+++ b/THANKS
@@ -4,6 +4,7 @@ code. Here is a list of those people. Help me keep it complete and free of
errors.
Adam Mitchell [email protected]
+Albert Chin [email protected]
Alec Habig [email protected]
Allan Clark [email protected]
Anand Kumria [email protected]
diff --git a/TODO b/TODO
index a147646b0..8521e512c 100644
--- a/TODO
+++ b/TODO
@@ -1,4 +1,6 @@
+ * set default charset from nl_langinfo.
+
* check all mpi_read() for error returns.
* --preserve-perms so that permissions set on a secring don't get changed.
diff --git a/VERSION b/VERSION
index af0b7ddbf..558538557 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.0.6
+1.0.6a
diff --git a/checks/ChangeLog b/checks/ChangeLog
index 6b53da1d3..b403d324d 100644
--- a/checks/ChangeLog
+++ b/checks/ChangeLog
@@ -1,3 +1,7 @@
+2001-05-30 Werner Koch <[email protected]>
+
+ * multisig.test (IFS): Reset IFS just before the test.
+
2001-04-30 Werner Koch <[email protected]>
* multisig.test: Add an set +x to avoid ksh problems
diff --git a/checks/multisig.test b/checks/multisig.test
index 2d366c2e1..7760eb587 100755
--- a/checks/multisig.test
+++ b/checks/multisig.test
@@ -123,7 +123,9 @@ save_IFS="${IFS}"
IFS=""
for i in "$sig_1ls1ls_valid" "$sig_ls_valid" "$sig_sl_valid"; do
echo "$i" | $srcdir/run-gpg --dearmor >x
+ IFS="${save_IFS}"
../g10/gpg --homedir . --verify x 2>/dev/null || error "valid is invalid"
+ IFS=""
done
#for i in "$sig_11lss_valid_but_is_not" "$sig_11lss11lss_valid_but_is_not" \
# "$sig_ssl_valid_but_is_not"; do
@@ -136,7 +138,9 @@ set +e
for i in "$sig_1lsls_invalid" "$sig_lsls_invalid" \
"$sig_lss_invalid" "$sig_slsl_invalid" ; do
echo "$i" | $srcdir/run-gpg --dearmor >x
+ IFS="${save_IFS}"
../g10/gpg --homedir . --verify <x 2>/dev/null && error "invalid is valid"
+ IFS=""
done
IFS="${save_IFS}"
diff --git a/gnupg.txt b/gnupg.txt
new file mode 100644
index 000000000..4bb5603c1
--- /dev/null
+++ b/gnupg.txt
@@ -0,0 +1,98 @@
+%%comments:
+Copyright (C) 2000, 2001 Free Software Foundation, Inc.
+
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU Free Documentation License, Version 1.1 or
+any later version published by the Free Software Foundation; with no
+Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
+Texts. A copy of the license is included in the file COPYING.
+
+%%name: GnuPG
+
+%%short-description: Complete implementation of the OpenPGP Internet standard.
+
+%%full-description: A complete and free replacement for PGP. The
+program does not use any patented algorithms, and can be used as a
+filter program. Can handle all OpenPGP messages and messages generated
+by PGP 5.0 and newer unless they use the IDEA algorithm.
+
+Supports ElGamal (signature and encrytion), DSA, AES, 3DES, Blowfish,
+Twofish, CAST5, MD5, SHA-1, RIPE-MD-160 and TIGER, and has language
+support for sixteen different languages.
+
+It is believed to be fully OpenPGP (as defined in RFC2440) conform,
+and has integrated support for HKP keyservers. There are a lot of
+useful extra features like anonymous message recipients.
+
+%%category: security, administration, email
+
+%%license: GPL
+
+%%maintainer: Werner Koch <[email protected]>
+
+%%interface: Command line
+
+%%updated: 1 Jun 2001
+
+%%keywords: PGP, security, decryption, encryption, digital signatures
+
+%%programs:
+
+%%GNU: yes
+
+%%web-page: http://www.gnupg.org/
+
+%%support: Paid extension/consulting from http://www.g10code.com
+
+%%doc: English user manual available from:
+http://www.gnupg.org/gph/index.html; Spanish user manual available from:
+http://www.gnupg.org/gph/index.html; English HOWTO available from
+http://www.dewinter.com/gnupg_howto/english/; French HOWTO available
+from http://www.gnupg.org/howtos/fr/; German HOWTO available from
+http://www.gnupg.org/howtos/de/; Spanish HOWTO available from
+http://www.dewinter.com/gnupg_howto/spanish.
+
+%%developers: Matthew Skala, Michael Roth, Niklas Hernaeus, Remi
+Guyomarch, Werner Koch <[email protected]>.
+
+%%contributors: J. Michael Ashley
+
+%%sponsors: German Federal Ministry of Economics and Technology
+
+%%source: ftp://ftp.gnupg.org/gcrypt/gnupg
+
+%%debian: http://www.debian.org/Packages/stable/non-us/gnupg.html
+
+%%redhat: http://www.megaloman.com/~hany/RPM/gnupg.html
+
+%%repository: See http://www.gnupg.org/cvs-access.html
+
+%%related: shred
+
+%%source-language: C
+
+%%supported-languages:
+
+%%use-requirements:
+
+%%build-prerequisites:
+
+%%weak-prerequisites:
+
+%%source-prerequisites:
+
+%%version: 1.0.6 stable released on 29 May 2001
+
+%%announce-list: [email protected]
+
+%%announce-news:
+
+%%help-list: [email protected]
+
+%%help-news:
+
+%%dev-list: [email protected]
+
+%%dev-news:
+
+%%bug-list: [email protected]
diff --git a/include/ChangeLog b/include/ChangeLog
index 8d0b95844..232d4b3e2 100644
--- a/include/ChangeLog
+++ b/include/ChangeLog
@@ -1,3 +1,9 @@
+2001-05-30 Werner Koch <[email protected]>
+
+ * ttyio.h (tty_printf): Add missing parenthesis for non gcc.
+ * http.h: Removed trailing comma to make old ccs happy. Both are
+ by Albert Chin.
+
2001-05-25 Werner Koch <[email protected]>
* ttyio.h (tty_printf): Add printf attribute.
diff --git a/include/http.h b/include/http.h
index c41f719d1..7e79ed2c1 100644
--- a/include/http.h
+++ b/include/http.h
@@ -51,7 +51,7 @@ typedef enum {
enum { /* put flag values into an enum, so that gdb can display them */
HTTP_FLAG_TRY_PROXY = 1,
- HTTP_FLAG_NO_SHUTDOWN = 2,
+ HTTP_FLAG_NO_SHUTDOWN = 2
};
struct http_context {
diff --git a/include/ttyio.h b/include/ttyio.h
index 3202a47d8..08ca994c9 100644
--- a/include/ttyio.h
+++ b/include/ttyio.h
@@ -24,7 +24,7 @@ int tty_batchmode( int onoff );
#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
void tty_printf (const char *fmt, ... ) __attribute__ ((format (printf,1,2)));
#else
- void tty_printf const char *fmt, ... );
+ void tty_printf (const char *fmt, ... );
#endif
void tty_print_string( byte *p, size_t n );
void tty_print_utf8_string( byte *p, size_t n );
diff --git a/include/util.h b/include/util.h
index f89dade7c..d8294f6db 100644
--- a/include/util.h
+++ b/include/util.h
@@ -207,10 +207,12 @@ int strcasecmp( const char *, const char *b);
#define stricmp(a,b) strcasecmp( (a), (b) )
#endif
-/*-- w32reg.c --*/
#ifdef __MINGW32__
+/*-- w32reg.c --*/
char *read_w32_registry_string( const char *root,
const char *dir, const char *name );
+/*-- strgutil.c --*/
+int vasprintf ( char **result, const char *format, va_list args);
#endif
/**** other missing stuff ****/
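Review bot: The new `vasprintf` prototype takes a `va_list`, so `util.h` now depends on `<stdarg.h>` being included before it on `__MINGW32__` builds; the hunk does not show such an include, so it may be worth adding `#include <stdarg.h>` inside this `#ifdef` or confirming that every includer already has it. A one-line comment on the prototype stating that `*result` is allocated with `m_alloc` and must be released by the caller with `m_free` would record the ownership rule that the strgutil.c implementation relies on.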
diff --git a/util/ChangeLog b/util/ChangeLog
index e9d8da7b7..a8854f618 100644
--- a/util/ChangeLog
+++ b/util/ChangeLog
@@ -1,3 +1,13 @@
+2001-06-06 Werner Koch <[email protected]>
+
+ * strgutil.c (vasprintf) [__MINGW32__]: New. Taken from libiberty.
+ * ttyio.c (tty_printf) [__MINGW32__]: Replaced the sprintf with
+ the new vasprintf.
+
+2001-06-05 Werner Koch <[email protected]>
+
+ * dotlock.c (make_dotlock): Typo fixes.
+
2001-05-25 Werner Koch <[email protected]>
* ttyio.c (do_get): Fixed a serious format string bug. Thanks to
diff --git a/util/dotlock.c b/util/dotlock.c
index 21385a707..6b65e62b2 100644
--- a/util/dotlock.c
+++ b/util/dotlock.c
@@ -237,7 +237,7 @@ make_dotlock( DOTLOCK h, long timeout )
continue;
}
else if( pid == getpid() ) {
- log_info( "Oops: lock already hold by us\n");
+ log_info( "Oops: lock already held by us\n");
h->locked = 1;
return 0; /* okay */
}
@@ -250,7 +250,7 @@ make_dotlock( DOTLOCK h, long timeout )
}
if( timeout == -1 ) {
struct timeval tv;
- log_info( "waiting for lock (hold by %d%s) %s...\n",
+ log_info( "waiting for lock (held by %d%s) %s...\n",
pid, maybe_dead, maybe_deadlock(h)? "(deadlock?) ":"");
diff --git a/util/strgutil.c b/util/strgutil.c
index aba340aff..9a8cffe9e 100644
--- a/util/strgutil.c
+++ b/util/strgutil.c
@@ -1,5 +1,5 @@
/* strgutil.c - string utilities
- * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ * Copyright (C) 1994, 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -638,3 +638,100 @@ memicmp( const char *a, const char *b, size_t n )
#endif
+#ifdef __MINGW32__
+/*
+ * Like vsprintf but provides a pointer to malloc'd storage, which
+ * must be freed by the caller (m_free). Taken from libiberty as
+ * found in gcc-2.95.2 and a little bit modernized.
+ * FIXME: Write a new CRT for W32.
+ */
+int
+vasprintf ( char **result, const char *format, va_list args)
+{
+ const char *p = format;
+ /* Add one to make sure that it is never zero, which might cause malloc
+ to return NULL. */
+ int total_width = strlen (format) + 1;
+ va_list ap;
+
+ /* this is not really portable but works under Windows */
+ memcpy ( &ap, &args, sizeof (va_list));
+
+ while (*p != '\0')
+ {
+ if (*p++ == '%')
+ {
+ while (strchr ("-+ #0", *p))
+ ++p;
+ if (*p == '*')
+ {
+ ++p;
+ total_width += abs (va_arg (ap, int));
+ }
+ else
+ {
+ char *endp;
+ total_width += strtoul (p, &endp, 10);
+ p = endp;
+ }
+ if (*p == '.')
+ {
+ ++p;
+ if (*p == '*')
+ {
+ ++p;
+ total_width += abs (va_arg (ap, int));
+ }
+ else
+ {
+ char *endp;
+ total_width += strtoul (p, &endp, 10);
+ p = endp;
+ }
+ }
+ while (strchr ("hlL", *p))
+ ++p;
+ /* Should be big enough for any format specifier except %s
+ and floats. */
+ total_width += 30;
+ switch (*p)
+ {
+ case 'd':
+ case 'i':
+ case 'o':
+ case 'u':
+ case 'x':
+ case 'X':
+ case 'c':
+ (void) va_arg (ap, int);
+ break;
+ case 'f':
+ case 'e':
+ case 'E':
+ case 'g':
+ case 'G':
+ (void) va_arg (ap, double);
+ /* Since an ieee double can have an exponent of 307, we'll
+ make the buffer wide enough to cover the gross case. */
+ total_width += 307;
+
+ case 's':
+ total_width += strlen (va_arg (ap, char *));
+ break;
+ case 'p':
+ case 'n':
+ (void) va_arg (ap, char *);
+ break;
+ }
+ }
+ }
+ *result = m_alloc (total_width);
+ if (*result != NULL)
+ return vsprintf (*result, format, args);
+ else
+ return 0;
+}
+
+#endif /*__MINGW32__*/
+
+
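Review bot: The float case in the `switch` of `vasprintf` has no `break` after `total_width += 307;`, so `%f`/`%e`/`%g` fall through into `case 's'` and the next variadic argument is read as a `char *` and handed to `strlen`; add `break;` after the `+= 307` line. Separately, `strchr ("-+ #0", *p)` and `strchr ("hlL", *p)` return non-NULL when `*p` is the terminator, so a format string ending in `%` moves `p` past the end of the string; guard both loops as `while (*p && strchr ("-+ #0", *p))`. `total_width` is an `int` that accumulates `strtoul` and `strlen` results without a range check, and the final `vsprintf` is unbounded, so the allocation is only as safe as this estimate; a comment stating that limit next to the `m_alloc` call would help the next reader.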
diff --git a/util/ttyio.c b/util/ttyio.c
index a343060d7..3106b5ae5 100644
--- a/util/ttyio.c
+++ b/util/ttyio.c
@@ -166,39 +166,21 @@ tty_printf( const char *fmt, ... )
va_start( arg_ptr, fmt ) ;
#ifdef __MINGW32__
- { static char *buf;
- static size_t bufsize;
- int n;
+ {
+ char *buf = NULL;
+ int n;
DWORD nwritten;
- #if 0 /* the dox say, that there is a snprintf, but I didn't found
- * it, so we use a static buffer for now */
- do {
- if( n == -1 || !buf ) {
- m_free(buf);
- bufsize += 200;
- /* better check the new size; (we use M$ functions) */
- if( bufsize > 50000 )
- log_bug("vsnprintf probably failed\n");
- buf = m_alloc( bufsize );
- }
- n = _vsnprintf(buf, bufsize-1, fmt, arg_ptr);
- } while( n == -1 );
- #else
- if( !buf ) {
- bufsize += 1000;
- buf = m_alloc( bufsize );
- }
- n = vsprintf(buf, fmt, arg_ptr);
- if( n == -1 )
- log_bug("vsprintf() failed\n");
- #endif
-
+ n = vasprintf(&buf, fmt, arg_ptr);
+ if( !buf )
+ log_bug("vasprintf() failed\n");
+
if( !WriteConsoleA( con.out, buf, n, &nwritten, NULL ) )
log_fatal("WriteConsole failed: rc=%d", (int)GetLastError() );
if( n != nwritten )
- log_fatal("WriteConsole failed: %d != %d\n", n, nwritten );
+ log_fatal("WriteConsole failed: %d != %d\n", n, (int)nwritten );
last_prompt_len += n;
+ m_free (buf);
}
#else
last_prompt_len += vfprintf(ttyfp,fmt,arg_ptr) ;
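Review bot: The new block checks only `buf` after `vasprintf`, so a negative return in `n` is no longer caught (the removed code had `if( n == -1 ) log_bug(...)`) and would reach `WriteConsoleA` as a length and be added to `last_prompt_len`; extend the guard to `if( !buf || n < 0 )`. The comparison `n != nwritten` still mixes `int` and `DWORD`, and the `(int)` cast in the message does not change that, which is another reason to reject a negative `n` first. tty_printf starts before and continues after this hunk, so the rest of its argument handling is not visible here.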