From 25036ec6abbc0c9d0003dcfe227724038c35a304 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Wed, 14 May 2014 16:32:49 +0200
Subject: gpg: Fix uninitialized access to search descindex with gpg keyboxes.

* kbx/keybox-search.c (keybox_search): Add arg R_DESCINDEX. Chnage both callers.
* g10/keydb.c (keydb_search): Always set DESCINDEX.
--
This only affects the new keybox for OpenPGP keys in 2.1. The bug exhibited itself by running GPA's backup command on Windows.
---
g10/keydb.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'g10')
diff --git a/g10/keydb.c b/g10/keydb.c
index 9085012f7..688c24c6f 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -1319,6 +1319,9 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
 {
 gpg_error_t rc;
+ if (descindex)
+ *descindex = 0; /* Make sure it is always set on return. */
+
 if (!hd)
 return gpg_error (GPG_ERR_INV_ARG);
@@ -1333,6 +1336,7 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
 && keyblock_cache.kid[0] == desc[0].u.kid[0]
 && keyblock_cache.kid[1] == desc[0].u.kid[1])
 {
+ /* (DESCINDEX is already set). */
 if (DBG_CLOCK)
 log_clock ("keydb_search leave (cached)");
 return 0;
@@ -1352,7 +1356,8 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
 ndesc, descindex);
 break;
 case KEYDB_RESOURCE_TYPE_KEYBOX:
- rc = keybox_search (hd->active[hd->current].u.kb, desc, ndesc);
+ rc = keybox_search (hd->active[hd->current].u.kb, desc,
+ ndesc, descindex);
 break;
 }
 if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
--
cgit v1.2.3
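Review bot: In the first hunk (`@@ -1319,6 +1319,9 @@`) the default written to `*descindex` is 0, which is also a legitimate match index, so the early `!hd` return and any other failing return now hand back a value that reads as "desc[0] matched". That closes the uninitialized read, but the contract should be written where callers will see it; keydb_search's header comment is outside the hunk, and I would add there `DESCINDEX, if not NULL, is meaningful only when 0 is returned; otherwise it is reset to 0.` The cached-hit comment in the second hunk could give the reason rather than only the fact, e.g. `/* (DESCINDEX is already 0; the cache test only looks at desc[0].) */`, assuming the part of that condition outside the hunk restricts the cache to a single descriptor.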
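Review bot: In the third hunk (`@@ -1352,7 +1356,8 @@`) `descindex` is forwarded to keybox_search as-is, although the top of keydb_search treats NULL as a permitted value (`if (descindex)`). The kbx/keybox-search.c half of the commit is not on this path-limited page, so whether the new R_DESCINDEX argument is NULL-checked before it is written through cannot be confirmed from here. It should be, and a call-site comment such as `/* DESCINDEX may be NULL; keybox_search must accept that. */` would record the requirement. The enclosing switch starts outside the hunk.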