gpg: Fix use of uninit.value in listing sig subpkts.
authorWerner Koch <wk@gnupg.org>
Mon, 24 Nov 2014 17:05:45 +0000 (18:05 +0100)
committerWerner Koch <wk@gnupg.org>
Mon, 24 Nov 2014 17:05:45 +0000 (18:05 +0100)
* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
sanitized.
--

We may not use "%s" to print an arbitrary buffer.  At least "%.*s"
should have been used.  However, it is in general preferable to escape
control characters while printf user data.

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
g10/parse-packet.c

index f75e21c..58cb1c4 100644 (file)
@@ -1151,7 +1151,11 @@ dump_sig_subpkt (int hashed, int type, int critical,
       if (!length)
        p = "[invalid regexp subpacket]";
       else
-       es_fprintf (listfp, "regular expression: \"%s\"", buffer);
+        {
+          es_fprintf (listfp, "regular expression: \"");
+          es_write_sanitized (listfp, buffer, length, "\"", NULL);
+          p = "\"";
+        }
       break;
     case SIGSUBPKT_REVOCABLE:
       if (length)