Page MenuHome GnuPG
Create Task
Maniphest T4230

Port parsing is broken in misc.c host_and_port_from_url
Closed, ResolvedPublic
Actions

Description

Here:
https://dev.gnupg.org/source/gnupg/browse/master/dirmngr/misc.c;0240345728a84d8f235ce05889e83963e52742eb$518

strchr (buf, ':') should be used instead of strchr (p, ':') - There is also NULL dereference if the URL does not contain '/' after the hostname with this code.

Revisions and Commits

rG GnuPG
rG5ab58d3001b0 dirmngr: Fix LDAP port parsing.
rGa3a5a2451924 dirmngr: Fix LDAP port parsing.

Related Objects

Event Timeline

t8m created this task.Oct 25 2018, 3:00 PM
t8m created this object in space S1 Public.
werner triaged this task as High priority.Oct 25 2018, 5:46 PM
werner added projects: dirmngr, LDAP.
werner added a subscriber: werner.

Oh, that is really old code dating back to dirmngr-1. There is only one user I will see whether I can replace it with the generic parser we have in http.c

werner added a commit: rGa3a5a2451924: dirmngr: Fix LDAP port parsing..Nov 5 2018, 9:02 AM
werner added a commit: rG5ab58d3001b0: dirmngr: Fix LDAP port parsing..Nov 5 2018, 9:04 AM
werner closed this task as Resolved.Nov 5 2018, 9:27 AM
werner claimed this task.

Fixed in master and 2.2.

The fix was too obvious. So I did not replace the code and to possibly introducing other bugs. Thanks.

werner mentioned this in T4233: GnuPG 2.2.11 release.Nov 6 2018, 12:42 PM