[Pkg-gnupg-commit] [gnupg2] 22/159: gpg: Fix buffer overflow.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jan 27 13:23:50 UTC 2016


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit 1605e34fc365edd473aac15c9b4e5aadc1d95cf5
Author: Neal H. Walfield <neal at g10code.com>
Date:   Fri Dec 11 14:40:23 2015 +0100

    gpg: Fix buffer overflow.
    
    * g10/keydb.c (keydb_search_desc_dump): Fix buffer overflow.
    
    --
    Signed-off-by: Neal H. Walfield <neal at walfield.org>
    Regression-due-to: 11ec478
    
    Note: this buffer overflow will only occur if --debug=lookup is passed
    to gpg and a search by fingerprint is done.
---
 g10/keydb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/g10/keydb.c b/g10/keydb.c
index 97dfb5f..d7c35de 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -470,7 +470,7 @@ char *
 keydb_search_desc_dump (struct keydb_search_desc *desc)
 {
   char b[MAX_FORMATTED_FINGERPRINT_LEN + 1];
-  char fpr[MAX_FINGERPRINT_LEN + 1];
+  char fpr[2 * MAX_FINGERPRINT_LEN + 1];
 
   switch (desc->mode)
     {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git



More information about the Pkg-gnupg-commit mailing list