Bug#773507: [Pkg-gnupg-maint] Bug#773507: explicit buffer overrun

2015-01-07 Thread Werner Koch
On Wed,  7 Jan 2015 06:54, gni...@fsij.org said:

> -  if (argc >= sizeof argv -1)
> +  if (argc >= DIM (argv) - 1)
>  {

Ooops.  That was probably my fault when I rewrote that function 10 years
ago.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org




2015-01-07 Thread NIIBE Yutaka
On 01/07/2015 02:54 PM, NIIBE Yutaka wrote:
> Here's my fix.  I'm going to apply this change since it's an obvious,
> simple fix and there will be no conflict.
> 
> diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c
> index 478fdfd..00df167 100644
> --- a/dirmngr/ldap.c
> +++ b/dirmngr/ldap.c
> @@ -588,7 +588,7 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t 
> *context,
>strlist_t sl;
>char *url;
> 
> -  if (argc >= sizeof argv -1)
> +  if (argc >= DIM (argv) - 1)
>  {
>/* Too many patterns.  It does not make sense to allow an
>   arbitrary number of patters because the length of the
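Review bot: the unchanged comment under the new check reads "arbitrary number of patters"; since this hunk already edits the condition directly above it, the typo could be fixed to "patterns" in the same commit.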

Pushed.

2015-01-06 Thread NIIBE Yutaka
Hello,

Thanks for reviewing and reporting.  This message is Cc-ed to
gnupg-devel.

On 12/19/2014 07:24 PM, Joshua Rogers wrote:
> Package: gnupg2
> Version: 2.1.1
> Severity: normal
> 
> in dirmngr/ldap.c on line 617, argv may be overflowed.
> 
> 617: argv[argc++] = url;
> 
> a check is made on line 591 that checks to see whether argv is less than or 
> equal to 399, and if it does, exit.
> But argv is char *argv[50], while argc is a normal int.
> If argc is 398, it will pass that check.

Right.

Here's my fix.  I'm going to apply this change since it's an obvious,
simple fix and there will be no conflict.

diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c
index 478fdfd..00df167 100644
--- a/dirmngr/ldap.c
+++ b/dirmngr/ldap.c
@@ -588,7 +588,7 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t 
*context,
   strlist_t sl;
   char *url;

-  if (argc >= sizeof argv -1)
+  if (argc >= DIM (argv) - 1)
 {
   /* Too many patterns.  It does not make sense to allow an
  arbitrary number of patters because the length of the
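Review bot: the `- 1` in `if (argc >= DIM (argv) - 1)` is left unexplained, and the comment below it only talks about the number of patterns. A one-line comment saying what the held-back slot is for would make the bound harder to get wrong again. The commit message could also state that `sizeof argv` is the array's size in bytes, which is how the old check let argc reach 398 against the `char *argv[50]` quoted in the report.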
-- 
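The miscount described in the report, as an added example (not GnuPG code): a model of the guard before and after the fix, counting how many stores each version lets through for a 50-slot pointer array. `DIM` is defined here on the assumption that it matches GnuPG's element-count macro; `argv_model`, `simulate` and the two `full_*` functions are hypothetical names, every slot is treated as a pattern slot for simplicity, and no out-of-bounds write is performed.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed to match GnuPG's DIM: number of elements, not bytes. */
#define DIM(v) (sizeof (v) / sizeof ((v)[0]))
#define NSLOTS 50          /* char *argv[50], as quoted in the report */

char *argv_model[NSLOTS];  /* only its size is used, it is never written */

/* Pre-fix guard: sizeof yields bytes (400 on LP64), so it trips at 399. */
int full_buggy (int argc)
{
  return (size_t)argc >= sizeof argv_model - 1;
}

/* Post-fix guard: trips at 49, leaving one free slot at the end. */
int full_fixed (int argc)
{
  return (size_t)argc >= DIM (argv_model) - 1;
}

/* Offer NPATTERNS entries to the guard.  Returns how many stores were
   accepted; *OOB counts those whose index is past the last slot.  The
   store argv[argc++] = url is only counted, not executed. */
int simulate (int (*full) (int), int npatterns, int *oob)
{
  int argc = 0;

  *oob = 0;
  for (int i = 0; i < npatterns; i++)
    {
      if (full (argc))
        break;             /* the "too many patterns" path */
      if ((size_t)argc >= DIM (argv_model))
        (*oob)++;
      argc++;
    }
  return argc;
}

int main (void)
{
  int oob, n;

  n = simulate (full_buggy, 1000, &oob);
  printf ("sizeof check: %d stores accepted, %d out of bounds\n", n, oob);
  n = simulate (full_fixed, 1000, &oob);
  printf ("DIM check:    %d stores accepted, %d out of bounds\n", n, oob);
  return 0;
}
```

On a build with 8-byte pointers the first line reports 399 accepted stores, 349 of them past the array, which matches the 399 in the report; with 4-byte pointers the byte count is 200 and the overrun is smaller but still present.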

