authorWerner Koch <[email protected]>2014-05-08 18:35:57 +0000
committerWerner Koch <[email protected]>2014-05-08 18:35:57 +0000
commitde4a1ea684e1591975feb801e7651309e1ee2c49 (patch)
tree0ff9ef71c8fa36809d10e00bd04c5b5a4ff4252e
parentMap public key algos returned by gpg to gpgme values. (diff)
Fix a memory access and a double slash bug.
* src/engine-spawn.c (engspawn_start): Allocate space for the list terminator. * src/posix-util.c (walk_path): Fix trailing slash detection. -- Kudos to Valgrind for pointing out these two problems. The first is a plain allocation bug in a code pattern I have written thousands of times - this time it went wrong. The allocation is not user controlled and thus not directly exploitable. The second missed doing what it intended to do; it was found due to an access of malloced but not initialized memory. Not using calloc again proved to be helpful in detecting a logical error.
-rw-r--r--src/engine-spawn.c2
-rw-r--r--src/posix-util.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/src/engine-spawn.c b/src/engine-spawn.c
index bfcad3d9..8ffc6280 100644
--- a/src/engine-spawn.c
+++ b/src/engine-spawn.c
@@ -250,7 +250,7 @@ engspawn_start (engine_spawn_t esp, const char *file, const char *argv[],
n = 0;
for (i = 0; esp->fd_data_map[i].data; i++)
n++;
- fd_list = calloc (n, sizeof *fd_list);
+ fd_list = calloc (n+1, sizeof *fd_list);
if (!fd_list)
return gpg_error_from_syserror ();
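Review bot: The `n+1` on the calloc line carries no hint that the extra element is the list terminator named in the commit message, nor that the terminator is only valid because calloc zero-fills it; a later "optimization" to malloc would silently reintroduce an uninitialized terminator. A comment above the call would pin both facts: `/* One extra, zeroed element terminates the list; do not switch to malloc.  */`. The counting loop also keeps `n` in lockstep with `i`, so `n = i` after the loop would be equivalent, though the existing form is harmless. engspawn_start begins before and continues after this hunk.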
diff --git a/src/posix-util.c b/src/posix-util.c
index e78cd771..f7e0a171 100644
--- a/src/posix-util.c
+++ b/src/posix-util.c
@@ -95,7 +95,7 @@ walk_path (const char *pgm)
{
for (s=path, p=fname; *s && *s != ':'; s++, p++)
*p = *s;
- if (*p != '/')
+ if (p != fname && p[-1] != '/')
*p++ = '/';
strcpy (p, pgm);
if (!access (fname, X_OK))
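Review bot: With the corrected test, an empty PATH component (a leading or trailing ':' or a '::') leaves `p == fname`, so no '/' is prepended and `fname` is just `pgm`, which `access (fname, X_OK)` then resolves relative to the current working directory. That mirrors how shells treat an empty PATH entry, but for library code that locates a binary to execute it means a cwd-relative program can be picked up, so it deserves either a comment `/* An empty PATH element means the current directory.  */` or a guard such as `if (p == fname) goto next_element;` before the `strcpy`. The copy loop and the `strcpy` also rely on `fname` being sized for the longest PATH component plus `pgm`; its allocation is outside the hunk, so confirm it covers the whole of PATH. walk_path's body continues on both sides of this hunk.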