From c73d75103cbd34975e2bd28e9924caee05eaf829 Mon Sep 17 00:00:00 2001
From: "Neal H. Walfield" <neal@g10code.com>
Date: Wed, 2 Dec 2015 15:20:18 +0100
Subject: gpg: Fix type mismatch resulting in a buffer overflow.

* g10/tofu.c (record_binding): Change policy_old's type from an enum
tofu_policy to a long: this variable is passed by reference and a long
is expected.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Justus Winter <justus@g10code.com>
Fixes-commit: f77913e
---
 g10/tofu.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/g10/tofu.c b/g10/tofu.c
index d340bfeb1..2433b7b4e 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1079,7 +1079,10 @@ record_binding (struct dbs *dbs, const char *fingerprint, const char *email,
   struct db *db_email = NULL, *db_key = NULL;
   int rc;
   char *err = NULL;
-  enum tofu_policy policy_old = TOFU_POLICY_NONE;
+  /* policy_old needs to be a long and not an enum tofu_policy,
+     because we pass it by reference to get_single_long_cb2, which
+     expects a long.  */
+  long policy_old = TOFU_POLICY_NONE;
 
   if (! (policy == TOFU_POLICY_AUTO
 	 || policy == TOFU_POLICY_GOOD
-- 
cgit v1.2.3