gpg: Fix use of uninit.value in listing sig subpkts.
authorWerner Koch <wk@gnupg.org>
Mon, 24 Nov 2014 18:41:46 +0000 (19:41 +0100)
committerWerner Koch <wk@gnupg.org>
Mon, 24 Nov 2014 18:41:46 +0000 (19:41 +0100)
* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
sanitized.
--

We may not use "%s" to print an arbitrary buffer.  At least "%.*s"
should have been used.  However, it is in general preferable to escape
control characters while printf user data.

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
(backported from commit 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8)

g10/parse-packet.c

index db1702f..01600e4 100644 (file)
@@ -892,13 +892,18 @@ dump_sig_subpkt( int hashed, int type, int critical,
        if(length!=2)
          p="[invalid trust subpacket]";
        else
-         fprintf (listfp, "trust signature of depth %d, value %d",buffer[0],buffer[1]);
+         fprintf (listfp, "trust signature of depth %d, value %d",
+                   buffer[0],buffer[1]);
        break;
       case SIGSUBPKT_REGEXP:
        if(!length)
          p="[invalid regexp subpacket]";
        else
-         fprintf (listfp, "regular expression: \"%s\"",buffer);
+          {
+            fprintf (listfp, "regular expression: \"");
+            print_string (listfp, buffer, length, '\"');
+            p = "\"";
+          }
        break;
       case SIGSUBPKT_REVOCABLE:
        if( length )