gpg: Sanitize diagnostic with the original file name. - gnupg

diff options

author	Werner Koch <[email protected]>	2018-06-08 08:45:21 +0000
committer	Werner Koch <[email protected]>	2018-06-08 08:45:21 +0000
commit	13f135c7a252cc46cff96e75968d92b6dc8dce1b (patch)
tree	e50bf794037d967b0918906a99c6fc87ea4d5dcc /g10/gpg.c
parent	gpg: Improve import's repair-key duplicate signature detection. (diff)
download	gnupg-13f135c7a252cc46cff96e75968d92b6dc8dce1b.tar.gz gnupg-13f135c7a252cc46cff96e75968d92b6dc8dce1b.zip

gpg: Sanitize diagnostic with the original file name.

* g10/mainproc.c (proc_plaintext): Sanitize verbose output. -- This fixes a forgotten sanitation of user supplied data in a verbose mode diagnostic. The mention CVE is about using this to inject status-fd lines into the stderr output. Other harm good as well be done. Note that GPGME based applications are not affected because GPGME does not fold status output into stderr. CVE-id: CVE-2018-12020 GnuPG-bug-id: 4012

Diffstat (limited to 'g10/gpg.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: