From 0fc740ffca848d17b8c71d1682de1e29b24db3cb Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Wed, 27 Sep 2023 11:01:31 +0900
Subject: estream: String filter should NOT be called with non-nul string.
* src/estream-printf.c (pr_string): Call the string filter function SF conditionally to avoid possible SEGV.
--
GnuPG-bug-id: 6737
Signed-off-by: NIIBE Yutaka
---
 src/estream-printf.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/estream-printf.c b/src/estream-printf.c
index 831af55..5f12ba9 100644
--- a/src/estream-printf.c
+++ b/src/estream-printf.c
@@ -1191,17 +1191,22 @@ pr_string (estream_printf_out_t outfnc, void *outfncarg,
 int rc;
 size_t n;
 const char *string, *s;
+ /* If a precision is specified, no NUL byte need to be present. We
+ can only call the string filter with a NUL-terminated string. In
+ future, when breaking API/ABI is OK, we can change signature of
+ gpgrt_string_filter_t to have another argument for precision. */
+ int allow_non_nul_string = (arg->precision >= 0);
 if (arg->vt != VALTYPE_STRING) return -1;
- if (sf)
+ if (sf && !allow_non_nul_string)
 string = sf (value.a_string, string_no, sfvalue);
 else string = value.a_string;
 if (!string) string = "(null)";
- if (arg->precision >= 0)
+ if (allow_non_nul_string)
 {
 /* Test for nul after N so that we can pass a non-nul terminated string. */
@@ -1235,7 +1240,7 @@ pr_string (estream_printf_out_t outfnc, void *outfncarg,
 rc = 0;
 leave:
- if (sf) /* Tell the filter to release resources. */
+ if (sf && !allow_non_nul_string) /* Tell the filter to release resources. */
 sf (value.a_string, -1, sfvalue);
 return rc;
--
cgit v1.2.3
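Review bot: With the new `sf && !allow_non_nul_string` guard in the first hunk, every string conversion that carries a precision now bypasses the string filter, including ones whose argument is in fact NUL-terminated, and nothing tells the caller. If any caller relies on the filter to escape or sanitize strings before they are written (not visible from these hunks), precision-limited conversions become an unfiltered output path, so the added comment should say so explicitly, e.g. `/* NB: with a precision the filter is skipped entirely and the string is written unfiltered. */`, and the same caveat belongs in the documentation of `gpgrt_string_filter_t`. The release call after `leave:` in the second hunk repeats the same condition, so the filter call and its release stay paired only as long as both tests are edited together. The body of pr_string starts before the first hunk and continues past the second.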