Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/crypto/external/bsd/netpgp/dist/src/lib netpgp: fix use afte...

details:   https://anonhg.NetBSD.org/src/rev/7ba2952fd1d4
branches:  trunk
changeset: 369654:7ba2952fd1d4
user:      rillig <rillig%NetBSD.org@localhost>
date:      Sat Aug 27 08:30:06 2022 +0000

description:
netpgp: fix use after free when reading pubkey

To reproduce:
srcdir=...
objdir=...
cd "$srcdir"/crypto/external/bsd/netpgp/dist/bindings/lua
cp "$objdir"/crypto/external/bsd/netpgp/bindings/lua/netpgp.so \
    ./libluanetpgp.so
LD_LIBRARY_PATH="." MALLOC_CONF=junk:true lua netpgp.lua

> $HOME/.gnupg/pubring.gpg: No such file or directory
> Can't read pubring ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

diffstat:

 crypto/external/bsd/netpgp/dist/src/lib/netpgp.c |  4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diffs (23 lines):

diff -r b88ac14618d6 -r 7ba2952fd1d4 crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c  Sat Aug 27 08:30:04 2022 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c  Sat Aug 27 08:30:06 2022 +0000
@@ -34,7 +34,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: netpgp.c,v 1.103 2020/03/21 01:07:21 jhigh Exp $");
+__RCSID("$NetBSD: netpgp.c,v 1.104 2022/08/27 08:30:06 rillig Exp $");
 #endif
 
 #include <sys/types.h>
@@ -297,9 +297,9 @@
 
        filename = keyringfile(netpgp, name);
        if (!pgp_keyring_fileread(keyring, noarmor, filename)) {
+               (void) fprintf(stderr, "Can't read %s %s\n", name, filename);
                free(filename);
                free(keyring);
-               (void) fprintf(stderr, "Can't read %s %s\n", name, filename);
                return NULL;
        }
        netpgp_setvar(netpgp, name, filename);
Home | Main Index | Thread Index | Old Index