Diffusion GnuPG efffd9907b75

agent: Do not place a trailing NUL byte on S-expressions

Authored by dkg on Jul 25 2019, 1:26 AM.

Description

agent: Do not place a trailing NUL byte on S-expressions

* agent/pkdecrypt.c (agent_pkdecrypt): Avoid appending a trailing NUL
byte at the end of the generated S-expression.

In many cases, a canonical S-expression may have an embedded NUL
anyway (especially if it contains raw cryptographic key material or
other high-entropy bytestrings), so trying to treat a canonical
S-expression as a C string is likely to be dangerous -- better to not
leave any such expectations.

With the previous commit addressing the otherwise brittle consumers of
pkdecrypt, this should now be safe to do.

  • GnuPG-bug-id: T4652
  • Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>