From 25036ec6abbc0c9d0003dcfe227724038c35a304 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Wed, 14 May 2014 16:32:49 +0200
Subject: gpg: Fix uninitialized access to search descindex with gpg keyboxes.
* kbx/keybox-search.c (keybox_search): Add arg R_DESCINDEX. Chnage both callers.
* g10/keydb.c (keydb_search): Always set DESCINDEX.
--
This only affects the new keybox for OpenPGP keys in 2.1. The bug exhibited itself by running GPA's backup command on Windows.
---
 kbx/keybox-search.c | 7 ++++++-
 kbx/keybox.h | 5 ++---
 2 files changed, 8 insertions(+), 4 deletions(-)
(limited to 'kbx')
diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
index 798079488..ba284f9b5 100644
--- a/kbx/keybox-search.c
+++ b/kbx/keybox-search.c
@@ -720,7 +720,8 @@ keybox_search_reset (KEYBOX_HANDLE hd)
 /* Note: When in ephemeral mode the search function does visit all blobs but in standard mode, blobs flagged as ephemeral are ignored. */
 int
-keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
+keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
+ size_t *r_descindex)
 {
 int rc;
 size_t n;
@@ -945,6 +946,10 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
 }
 continue;
 found:
+ /* Record which DESC we matched on. Note this value is only
+ meaningful if this function returns with no errors. */
+ if(r_descindex)
+ *r_descindex = n;
 for (n=any_skip?0:ndesc; n < ndesc; n++)
 {
 /* if (desc[n].skipfnc */
diff --git a/kbx/keybox.h b/kbx/keybox.h
index 5b2943747..4c447a577 100644
--- a/kbx/keybox.h
+++ b/kbx/keybox.h
@@ -83,7 +83,8 @@ int keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *ret_cert);
 int keybox_get_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int *value);
 int keybox_search_reset (KEYBOX_HANDLE hd);
-int keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc);
+int keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
+ size_t *r_descindex);
 /*-- keybox-update.c --*/
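Review bot: The comment above keybox_search still covers only the ephemeral-mode behaviour and does not mention the R_DESCINDEX argument this hunk adds to the signature. I would extend it with something like `On success the index into DESC of the description that matched is stored at R_DESCINDEX, which may be NULL.` and add that the value is left untouched on every other return path, since the only store visible in this patch is at the `found:` label. The function body continues outside the hunk.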
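Review bot: `*r_descindex` is written only at the `found:` label, so any return that never reaches it leaves the caller's variable as it was, and the commit message says the bug being fixed was a read of an unset descindex. Giving it a defined value on entry, `if (r_descindex) *r_descindex = 0;`, would make the out-parameter safe to read whatever the return code; the callers are not in this kbx-limited view, so whether they check the result first cannot be confirmed here. The store also sits before the skip loop that starts on the next line; if that loop can reject the blob and resume scanning (the rest of the body is outside the hunk), the recorded index may belong to a blob that was never returned. As a style point, `if(r_descindex)` lacks the space after `if` that the neighbouring `for (n=any_skip?0:ndesc; ...` line uses.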
@@ -109,8 +110,6 @@ int keybox_compress (KEYBOX_HANDLE hd);
 #if 0
 int keybox_locate_writable (KEYBOX_HANDLE hd);
-int keybox_search_reset (KEYBOX_HANDLE hd);
-int keybox_search (KEYBOX_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc);
 int keybox_rebuild_cache (void *);
 #endif
-- cgit v1.2.3