author Daniel Kahn Gillmor <[email protected]> 2019-07-24 23:26:10 +0000
committer Daniel Kahn Gillmor <[email protected]> 2019-07-24 23:56:23 +0000
commit efffd9907b7501323bae89ae515bc26312aaab15 (patch)
tree bf368c19e76802b0b9cd9ca34fd365b4241fef18
parent gpg,gpgsm: Handle pkdecrypt responses with or without NUL terminators
agent: Do not place a trailing NUL byte on S-expressions [dkg-fix-T4652]
* agent/pkdecrypt.c (agent_pkdecrypt): Avoid appending a trailing NUL
byte at the end of the generated S-expression.

--

In many cases, a canonical S-expression may have an embedded NUL
anyway (especially if it contains raw cryptographic key material or
other high-entropy bytestrings), so trying to treat a canonical
S-expression as a C string is likely to be dangerous -- better to not
leave any such expectations.

With the previous commit addressing the otherwise brittle consumers of
pkdecrypt, this should now be safe to do.

GnuPG-bug-id: 4652
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
-rw-r--r-- agent/pkdecrypt.c 4
1 files changed, 2 insertions, 2 deletions
diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c
index ec23daf83..23b9c1a0b 100644
--- a/agent/pkdecrypt.c
+++ b/agent/pkdecrypt.c
@@ -95,7 +95,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
put_membuf_printf (outbuf, "(5:value%u:", (unsigned int)len);
put_membuf (outbuf, buf, len);
- put_membuf (outbuf, ")", 2);
+ put_membuf (outbuf, ")", 1);
}
else
{ /* No smartcard, but a private key */
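Review bot: after the new `put_membuf (outbuf, ")", 1);` in the smartcard branch, outbuf no longer ends in a NUL, and nothing at the call site records that contract. Please add a short comment here saying the result is a length-delimited canonical S-expression that must be consumed with its byte count and never as a C string, so a later consumer is not written against the old behaviour. The `(unsigned int)len` cast in the `put_membuf_printf` context line just above also deserves a glance while you are here: if len can exceed the range of unsigned int, the printed length prefix would disagree with the number of bytes the following `put_membuf (outbuf, buf, len);` writes.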
@@ -130,7 +130,7 @@ agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
part. Turn it into a complete S-expression. */
put_membuf (outbuf, "(5:value", 8);
put_membuf (outbuf, buf, len);
- put_membuf (outbuf, ")", 2);
+ put_membuf (outbuf, ")", 1);
}
}
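Review bot: the byte counts in the private-key branch (`8` for "(5:value" and now `1` for ")") are hand-counted against string literals, which is the same pattern that let the stray NUL in: a count of 2 on a one-character literal copies its terminator. Consider deriving the count from the literal at these call sites (sizeof minus one, or strlen) so the number cannot drift from the text it describes. This branch also has no explicit length prefix for buf, relying on buf already carrying it per the comment above; a one-line note saying so next to `put_membuf (outbuf, buf, len);` would make the difference from the smartcard branch obvious.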