[Announce] new gnupg snapshot
tftp
tftp at yahoo.com
Sat Apr 14 14:53:01 CEST 2001
--- Jan Niehusmann <jan at gondor.com> wrote:
> Looking at the code, the fix is fairly obvious:
>
> --- gnupg-1.0.4g/g10/getkey.c.orig Sat Apr 14 13:40:55 2001
> +++ gnupg-1.0.4g/g10/getkey.c Sat Apr 14 13:41:53 2001
> @@ -1363,13 +1363,14 @@
> fixup_uidnode ( KBNODE uidnode, KBNODE signode )
> {
> PKT_user_id *uid = uidnode->pkt->pkt.user_id;
> - PKT_signature *sig = signode->pkt->pkt.signature;
> + PKT_signature *sig;
> const byte *p;
> size_t n;
Such assignments must be outlawed in first place. Rule #0 is that
a procedure must tolerate incorrect parameters. But here we have
two source pointers (any of which can be NULL), and they get
dereferenced without checking! Checks for zero, however, are -extremely-
cheap (one command on most CPUs).
This patch fixes one problem but leaves the door open for more.
Probably all the code has to be reworked to add sanity checks to
all procedures.
Cheers,
Dmitri
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
More information about the Gnupg-devel
mailing list