Page MenuHome GnuPG
Create Task
Maniphest T6737

libgpg-error: String filter should *NOT* be called with non-nul-terminated string
Open, NormalPublic
Actions

Description

In libgpg-error 1.33, formatting "%s", string filter is introduced.
But it may be "%.*s". In this case, string filter should not be called, because it may be non-nul-terminated string.
Otherwise, the process may get SEGV, in the call of filter accessing invalid memory scanning over allocated area.

(If we could be back in the day of 1.32, the filter function would have an argument for args->precision, though).

Details

External Link
https://lists.gnupg.org/pipermail/gnupg-users/2023-September/066725.html

Revisions and Commits

rE libgpg-error
rE0fc740ffca84 estream: String filter should NOT be called with non-nul string.

Event Timeline

gniibe claimed this task.Sep 27 2023, 3:54 AM
gniibe created this task.
gniibe added a project: gpgrt.
gniibe updated the task description. (Show Details)
gniibe added a commit: rE0fc740ffca84: estream: String filter should NOT be called with non-nul string..Sep 27 2023, 5:15 AM
werner triaged this task as Normal priority.Sep 30 2023, 2:08 PM
werner added a subscriber: werner.

I guess we should add an extended API to set the filter.

gniibe mentioned this in Unknown Object (Event).Oct 2 2023, 9:06 AM