authorWerner Koch <[email protected]>2017-11-26 17:33:49 +0000
committerWerner Koch <[email protected]>2017-11-26 17:33:49 +0000
commit4cf3cc6e3d48c8400466ca29c3f1c22ed2da6c2c (patch)
treed05422e7677d5fe545ebfd9fd112979e589eb5d7 /g10/parse-packet.c
parentagent: New option --auto-expand-secmem. (diff)
gpg: Do not read from uninitialized memory with --list-packets.
* g10/parse-packet.c (parse_plaintext): Fill up the allocated NAME. -- This actually does not harm because we merely display a buffer allocated by ourselves. However, we better tell Valgrind about it so that we don't need to track this thing down ever again. Test using a corrupted literal data packet: echo cb 0a 75 ff 59 ae 90 d5 74 65 73 74 | \ undump |\ valgrind gpg --list-packets >/dev/null Reported-by: Sebastian Schinzel Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/parse-packet.c')
-rw-r--r--g10/parse-packet.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 0b6ee8b4e..eee14f64e 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -3087,6 +3087,12 @@ parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
else
pt->name[i] = c;
}
+ /* Fill up NAME so that a check with valgrind won't complain about
+ * reading from uninitalized memory. This case may be triggred by
+ * corrupted packets. */
+ for (; i < namelen; i++)
+ pt->name[i] = 0;
+
pt->timestamp = read_32 (inp);
if (pktlen)
pktlen -= 4;
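Review bot: The added `for (; i < namelen; i++)` loop zero-fills the unread tail of `pt->name`, but nothing in the hunk records that the name was cut short, so parsing continues with `read_32 (inp)` as if the packet were well-formed. If the length stored in `pt` is taken from `namelen` (that assignment and the read loop start outside the hunk), a truncated name is indistinguishable from one that really ends in zero bytes. Consider remembering the short read before the fill, e.g. `if (i < namelen) log_info ("literal data packet: file name truncated\n");`, or storing the number of bytes actually read. The comment should also state the real reason rather than only Valgrind, since the commit message says this buffer is displayed: `/* Zero the unread tail of NAME; a corrupted packet can end the read loop early and the listing would otherwise show stale heap bytes. */`. That wording also fixes the typos "uninitalized" and "triggred".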