Minor fixes for GnuPG 1.2.3
David Shaw
dshaw at jabberwocky.com
Fri Dec 5 10:44:15 CET 2003
On Fri, Dec 05, 2003 at 08:33:52AM +0100, Christian Biere wrote:
> iobuf_put( a, '+' );
> else {
> char numbuf[5];
> - sprintf(numbuf, "%%%02X", *p );
> + sprintf(numbuf, "%%%02X", (unsigned char)*p );
"*p" is a "byte *". byte is already an unsigned char, no? There are
a lot of places throughout the code here and in 'gpg' itself where it
is required to be unsigned...
> if(strcmp(line,"-----BEGIN PGP PUBLIC KEY BLOCK-----\n")==0)
> {
> - fprintf(output,line);
> + fprintf(output,"%s",line);
> gotit=1;
> }
This isn't a bug. You can't get to the bad printf unless line is
confirmed safe.
> /* Nail that last space */
> - searchkey[strlen(searchkey)-1]='\0';
> + if (*searchkey)
> + searchkey[strlen(searchkey)-1]='\0';
This is safe as well. You can't get to here unless there is a key to
search for, so searchkey will never be zero length. Good catch,
though. I'm going to change it anyway.
David
More information about the Gnupg-devel
mailing list