gpgkeys_hkp crashes when the query contains non-ASCII UTF-8 characters
Closed, ResolvedPublic

Description

Release: 1.4.4

Environment

i386, Linux, ELF

Description

gpg --keyserver pgp.mit.edu --search-key é (the last character is e acute) crashes.

The curl_escape() function (curl-shim.c:309) is accidentally passing the first byte of é as a signed char into sprintf(), at which point the value is getting sign-extended to a signed integer. When sprintf() interprets the value on the stack as an unsigned integer, the value doesn't fit into the buffer it's been passed.

Fix

Cast the value to an unsigned char before passing it to sprintf().

nalin added a subscriber: nalin.Jul 13 2006, 12:28 AM

dshaw added a subscriber: dshaw.Jul 13 2006, 12:42 AM

Fixed, thanks! I also took care of a similar potential
problem in gpgkeys_ldap.c (it wasn't a problem as the
delimiter was 7-bit clean, but best to fix it anyway).

dshaw closed this task as Resolved.Jul 13 2006, 12:42 AM