gpg: Fix type mismatch resulting in a buffer overflow.
authorNeal H. Walfield <neal@g10code.com>
Wed, 2 Dec 2015 14:20:18 +0000 (15:20 +0100)
committerNeal H. Walfield <neal@g10code.com>
Wed, 2 Dec 2015 14:21:57 +0000 (15:21 +0100)
* g10/tofu.c (record_binding): Change policy_old's type from an enum
tofu_policy to a long: this variable is passed by reference and a long
is expected.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Justus Winter <justus@g10code.com>
Fixes-commit: f77913e

g10/tofu.c

index d340bfe..2433b7b 100644 (file)
@@ -1079,7 +1079,10 @@ record_binding (struct dbs *dbs, const char *fingerprint, const char *email,
   struct db *db_email = NULL, *db_key = NULL;
   int rc;
   char *err = NULL;
-  enum tofu_policy policy_old = TOFU_POLICY_NONE;
+  /* policy_old needs to be a long and not an enum tofu_policy,
+     because we pass it by reference to get_single_long_cb2, which
+     expects a long.  */
+  long policy_old = TOFU_POLICY_NONE;
 
   if (! (policy == TOFU_POLICY_AUTO
         || policy == TOFU_POLICY_GOOD
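Review bot: The corrected declaration of `policy_old` is protected only by the new comment. The call that passes `&policy_old` to get_single_long_cb2 is outside this hunk, and since the old enum version compiled, the pointer presumably travels as an untyped callback cookie, so the compiler will not catch the next mismatch. Every other object handed to get_single_long_cb2 should be checked for the same declaration error, because storing a long into a narrower object writes past it. `policy_old` is now an unconstrained long filled in by the callback, so I would range-check it before it is treated as an enum tofu_policy again, e.g. `if (policy_old < TOFU_POLICY_NONE || policy_old > TOFU_POLICY_ASK) policy_old = TOFU_POLICY_NONE;` (assuming TOFU_POLICY_ASK is the last enumerator). record_binding's body continues beyond the hunk, so the later uses of the value are not visible here.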