Bug#773507: [Pkg-gnupg-maint] Bug#773507: explicit buffer overrun
On Wed, 7 Jan 2015 06:54, gni...@fsij.org said: > - if (argc >= sizeof argv -1) > + if (argc >= DIM (argv) - 1) > { Ooops. That was probably my fault when I rewrite that function 10 years ago. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#773507: [Pkg-gnupg-maint] Bug#773507: explicit buffer overrun
On 01/07/2015 02:54 PM, NIIBE Yutaka wrote: > Here's my fix. I'm going to apply this change since it's obvious > simple fix and there will be no conflict. > > diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c > index 478fdfd..00df167 100644 > --- a/dirmngr/ldap.c > +++ b/dirmngr/ldap.c > @@ -588,7 +588,7 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t > *context, >strlist_t sl; >char *url; > > - if (argc >= sizeof argv -1) > + if (argc >= DIM (argv) - 1) > { >/* Too many patterns. It does not make sense to allow an > arbitrary number of patters because the length of the Pushed. -- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#773507: [Pkg-gnupg-maint] Bug#773507: explicit buffer overrun
Hello, Thanks for your reviewing and reporting. This message is Cc-ed to gnupg-devel. On 12/19/2014 07:24 PM, Joshua Rogers wrote: > Package: gnupg2 > Version: 2.1.1 > Severity: normal > > in dirmngr/ldap.c on line 617, argv may be overflowed. > > 617: argv[argc++] = url; > > a check is made on line 591 that checks to see whether argv is less than or > email to 399, and if it does, exit. > But argv is char *argv[50], while argc is a normal int. > If argc is 398, it will pass that check. Right. Here's my fix. I'm going to apply this change since it's obvious simple fix and there will be no conflict. diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c index 478fdfd..00df167 100644 --- a/dirmngr/ldap.c +++ b/dirmngr/ldap.c @@ -588,7 +588,7 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context, strlist_t sl; char *url; - if (argc >= sizeof argv -1) + if (argc >= DIM (argv) - 1) { /* Too many patterns. It does not make sense to allow an arbitrary number of patters because the length of the -- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org