author | Werner Koch <[email protected]> | 2014-11-24 17:05:45 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2014-11-24 17:05:45 +0000 |
commit | 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8 (patch) | |
tree | 830acb8312e6625d5717622ed4ec800a3616cf36 /g10/parse-packet.c | |
parent | gpg: Fix off-by-one read in the attribute subpacket parser. (diff) | |
gpg: Fix use of uninit.value in listing sig subpkts.
* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
sanitized.
--
We may not use "%s" to print an arbitrary buffer. At least "%.*s"
should have been used. However, it is in general preferable to escape
control characters while printf user data.
Reported-by: Hanno Böck
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/parse-packet.c')
-rw-r--r-- | g10/parse-packet.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/g10/parse-packet.c b/g10/parse-packet.c index f75e21ccb..58cb1c45e 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1151,7 +1151,11 @@ dump_sig_subpkt (int hashed, int type, int critical, if (!length) p = "[invalid regexp subpacket]"; else - es_fprintf (listfp, "regular expression: \"%s\"", buffer); + { + es_fprintf (listfp, "regular expression: \""); + es_write_sanitized (listfp, buffer, length, "\"", NULL); + p = "\""; + } break; case SIGSUBPKT_REVOCABLE: if (length) |
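Review bot: In the new else branch, `es_write_sanitized (listfp, buffer, length, "\"", NULL);` is handed the full `length`, so a regexp subpacket that ends in a terminating NUL would have that byte passed to the sanitizer and rendered inside the quotes. If the terminator is expected here, consider passing `length - 1` when `buffer[length-1]` is NUL, or add a comment saying the byte is deliberately shown. The closing quote is emitted only indirectly through `p = "\"";`, which relies on code after the switch printing `p`; that code is not visible in this hunk, so a one-line comment on the assignment would make the pairing with the opening quote in the `es_fprintf` call obvious to the next reader. Passing `"\""` as the delimiter argument is the right call, since it keeps an embedded quote in the subpacket from closing the quoted string early in the listing.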