From 651b3d8207cc7d85699f89fc4c21cb1243453aa8 Mon Sep 17 00:00:00 2001
From: Andre Heinecke <aheinecke@intevation.de>
Date: Fri, 1 Dec 2017 09:44:47 +0100
Subject: [PATCH] Fix uid parsing for ldap keyserver

* src/engine-gpg.c (gpg_keylist_preprocess): Check field count
for uid and add fallback.

--
This fixes accessing unintialized memory and resulting
crashes in gpgrt_asprintf.

GnuPG-Bug-Id: T3550
---
 src/engine-gpg.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 5ce04f0a..bfe7d131 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -2594,6 +2594,9 @@ gpg_keylist_preprocess (char *line, char **r_line)
 	 as defined in 5.2. Machine Readable Indexes of the OpenPGP
 	 HTTP Keyserver Protocol (draft).
 
+         For an ldap keyserver the format is:
+         uid:<escaped uid string>
+
 	 We want:
 	 uid:o<flags>::::<creatdate>:<expdate>:::<c-coded uid>:
       */
@@ -2635,9 +2638,17 @@ gpg_keylist_preprocess (char *line, char **r_line)
 	  }
 	*dst = '\0';
 
-	if (gpgrt_asprintf (r_line, "uid:o%s::::%s:%s:::%s:",
-		      field[4], field[2], field[3], uid) < 0)
-	  return gpg_error_from_syserror ();
+        if (fields < 4)
+          {
+            if (gpgrt_asprintf (r_line, "uid:o::::::::%s:", uid) < 0)
+              return gpg_error_from_syserror ();
+          }
+        else
+          {
+            if (gpgrt_asprintf (r_line, "uid:o%s::::%s:%s:::%s:",
+                                field[4], field[2], field[3], uid) < 0)
+              return gpg_error_from_syserror ();
+          }
       }
       return 0;