[Pkg-gnupg-commit] [libassuan] 417/437: Do not allow LFs in the redirected name.
Eric Dorland
eric at moszumanska.debian.org
Fri May 22 05:34:11 UTC 2015
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libassuan.
commit 0fce017100c5896cf9dc1fcbd4a39053651c3910
Author: Werner Koch <wk at gnupg.org>
Date: Fri Nov 28 21:30:52 2014 +0100
Do not allow LFs in the redirected name.
* src/assuan-socket.c (eval_redirection): Stop parsing at the first
LF.
--
Avoiding LFs in file names is better for logging.
---
src/assuan-socket.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/assuan-socket.c b/src/assuan-socket.c
index c8af51b..c392e93 100644
--- a/src/assuan-socket.c
+++ b/src/assuan-socket.c
@@ -287,8 +287,13 @@ eval_redirection (const char *fname, int *r_redirect)
return NULL;
}
buffer[n] = 0;
+
+ /* Check that it is a redirection file. We also check that the
+ first byte of the name is not a LF because that would lead to an
+ zero length name. */
if (n < 17 || buffer[n-1] != '\n'
- || memcmp (buffer, "%Assuan%\nsocket=", 16))
+ || memcmp (buffer, "%Assuan%\nsocket=", 16)
+ || buffer[16] == '\n')
{
gpg_err_set_errno (EINVAL);
return NULL;
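Review bot: The new `buffer[16] == '\n'` test in the header check is only in bounds because `n < 17` is evaluated first in the same `||` chain, and the comment does not say so; a line noting that dependency would keep a later reordering of the condition from turning it into a read past the data. The comment's "an zero length name" should read "a zero-length name". It is also worth stating here that only an LF in the first byte of the name is rejected with EINVAL, while an LF later in the name is handled differently by the copy loop further down, so that the two behaviours are documented in one place.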
@@ -333,6 +338,8 @@ eval_redirection (const char *fname, int *r_redirect)
}
p = pend;
}
+ else if (*p == '\n')
+ break; /* Be nice and stop at the first LF. */
else if (n < sizeof addr->sun_path - 1)
addr->sun_path[n++] = *p;
else
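Review bot: The `break` on `*p == '\n'` in the copy loop silently discards everything that follows the first LF, and because the earlier check only requires `buffer[n-1]` to be an LF, a file with extra bytes between the first LF and the final one is accepted with a truncated name and no error. Consider failing with EINVAL when the LF found here is not the last byte of the buffer, or, if ignoring trailing lines is intended, say so in the comment in place of "Be nice". The commit message gives logging as the motivation; repeating that reason in the comment would make the intent clear to someone reading only the source.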
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/libassuan.git