Fix uid parsing for ldap keyserver

* src/engine-gpg.c (gpg_keylist_preprocess): Check field count for uid and add fallback. -- This fixes accessing unintialized memory and resulting crashes in gpgrt_asprintf. GnuPG-Bug-Id: T3550
2017-12-01 09:44:47 +01:00 · 2017-12-01 09:44:47 +01:00 · 651b3d8207
commit 651b3d8207
parent f430165007
1 changed files with 14 additions and 3 deletions
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@ -2594,6 +2594,9 @@ gpg_keylist_preprocess (char *line, char **r_line)
 	 as defined in 5.2. Machine Readable Indexes of the OpenPGP
 	 HTTP Keyserver Protocol (draft).

+         For an ldap keyserver the format is:
+         uid:<escaped uid string>
+
 	 We want:
 	 uid:o<flags>::::<creatdate>:<expdate>:::<c-coded uid>:
      */
@ -2635,9 +2638,17 @@ gpg_keylist_preprocess (char *line, char **r_line)
 	  }
 	*dst = '\0';

-	if (gpgrt_asprintf (r_line, "uid:o%s::::%s:%s:::%s:",
-		      field[4], field[2], field[3], uid) < 0)
-	  return gpg_error_from_syserror ();
+        if (fields < 4)
+          {
+            if (gpgrt_asprintf (r_line, "uid:o::::::::%s:", uid) < 0)
+              return gpg_error_from_syserror ();
+          }
+        else
+          {
+            if (gpgrt_asprintf (r_line, "uid:o%s::::%s:%s:::%s:",
+                                field[4], field[2], field[3], uid) < 0)
+              return gpg_error_from_syserror ();
+          }
      }
      return 0;