estream: String filter should NOT be called with non-nul string.

* src/estream-printf.c (pr_string): Call the string filter function SF
conditionally to avoid possible SEGV.

--

GnuPG-bug-id: 6737
Signed-off-by: NIIBE Yutaka <[email protected]>

1 files changed, 8 insertions, 3 deletions

diff --git a/src/estream-printf.c b/src/estream-printf.c
index 831af55..5f12ba9 100644
--- a/src/estream-printf.c
+++ b/src/estream-printf.c
@@ -1191,17 +1191,22 @@ pr_string (estream_printf_out_t outfnc, void *outfncarg,
   int rc;
   size_t n;
   const char *string, *s;
+  /* If a precision is specified, no NUL byte need to be present.  We
+   can only call the string filter with a NUL-terminated string.  In
+   future, when breaking API/ABI is OK, we can change signature of
+   gpgrt_string_filter_t to have another argument for precision.  */
+  int allow_non_nul_string = (arg->precision >= 0);
 
   if (arg->vt != VALTYPE_STRING)
     return -1;
-  if (sf)
+  if (sf && !allow_non_nul_string)
     string = sf (value.a_string, string_no, sfvalue);
   else
     string = value.a_string;
 
   if (!string)
     string = "(null)";
-  if (arg->precision >= 0)
+  if (allow_non_nul_string)
     {
       /* Test for nul after N so that we can pass a non-nul terminated
          string.  */
@@ -1235,7 +1240,7 @@ pr_string (estream_printf_out_t outfnc, void *outfncarg,
   rc = 0;
 
  leave:
-  if (sf) /* Tell the filter to release resources.  */
+  if (sf && !allow_non_nul_string) /* Tell the filter to release resources.  */
     sf (value.a_string, -1, sfvalue);
 
   return rc;