diff options
| author | NIIBE Yutaka <[email protected]> | 2012-10-31 07:09:06 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2012-11-02 15:22:26 +0000 |
| commit | 8f8c29d24ca13f987e6c118702b428a2051b7072 (patch) | |
| tree | 272f147c424b6a109e753fdd203f2a113044bc5d | |
| parent | SCD: Upon error, open_pcsc_reader_wrapped does same as _direct. (diff) | |
| download | gnupg-8f8c29d24ca13f987e6c118702b428a2051b7072.tar.gz gnupg-8f8c29d24ca13f987e6c118702b428a2051b7072.zip | |
agent: Fix wrong use of gcry_sexp_build_array
* findkey.c (agent_public_key_from_file): Fix use of
gcry_sexp_build_array.
--
A test case leading to a segv in Libgcrypt is
gpg-connect-agent \
"READKEY 9277C5875C8AFFCB727661C18BE4E0A0DEED9260" /bye
The keygrip was created by "monkeysphere s", which has a comment.
gcry_sexp_build_array expects pointers to the arguments which is quite
surprising. Probably ARG_NEXT was accidentally implemented wrongly.
Anyway, we can't do anything about it and thus need to fix the check
the users of this function.
Some-comments-by: Werner Koch <[email protected]>
| -rw-r--r-- | agent/findkey.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/agent/findkey.c b/agent/findkey.c index 0b57390eb..b17870ef7 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -948,15 +948,15 @@ agent_public_key_from_file (ctrl_t ctrl, { p = stpcpy (p, "(uri %b)"); assert (argidx+1 < DIM (args)); - args[argidx++] = (void *)uri_length; - args[argidx++] = (void *)uri; + args[argidx++] = (void *)&uri_length; + args[argidx++] = (void *)&uri; } if (comment) { p = stpcpy (p, "(comment %b)"); assert (argidx+1 < DIM (args)); - args[argidx++] = (void *)comment_length; - args[argidx++] = (void*)comment; + args[argidx++] = (void *)&comment_length; + args[argidx++] = (void*)&comment; } *p++ = ')'; *p = 0; |