heap overflow - my bad for not using the returned length and instead assuming NULL termination :(. sync
authorKrista 'DarthMama' Bennett <krista@pep.foundation>
Tue, 28 May 2019 15:53:52 +0200
branchsync
changeset 3751c40e8cffdb1d
parent 3739 523fb9710660
child 3752 856412ae847e
heap overflow - my bad for not using the returned length and instead assuming NULL termination :(.
src/pgp_sequoia.c
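--- a/src/pgp_sequoia.c	Tue May 21 07:04:51 2019 +0200
+++ b/src/pgp_sequoia.c	Tue May 28 15:53:52 2019 +0200
@@ -803,8 +803,11 @@
                  
             }
             else {
-                const char* split = strstr(uid_value, "<");
-                if (split != uid_value) {       
+                // Ok, asan gets really pissed at us using this string directly, SO...
+                char* uid_copy = calloc(uid_value_len + 1, 1);
+                strlcpy(uid_copy, uid_value, uid_value_len);
+                const char* split = strstr(uid_copy, "<");
+                if (split != uid_copy) {       
                     while (split) {
                         if (isspace(*(split - 1)))
                             break;
@@ -831,9 +834,10 @@
                     else  
                         split = NULL;
                 }
-                if (split == NULL) {
-                    email = strdup(uid_value);
-                }
+                if (split == NULL)
+                    email = uid_copy;
+                else 
+                    free(uid_copy);
             }
         }
         
@@ -2655,4 +2659,3 @@
       fpr, *has_private ? "priv" : "pub", pEp_status_to_string(status));
     return status;
 }
-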
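Review bot: The `strlcpy(uid_copy, uid_value, uid_value_len);` call in the first hunk still reads `uid_value` without a bound, because strlcpy returns the full source length and so scans the source up to its NUL; if `uid_value` is not terminated, as the commit message implies, the over-read just moves into this call. Passing `uid_value_len` as the size also means at most `uid_value_len - 1` bytes are copied, so the last character of the user ID is dropped. Since calloc already zeroes all `uid_value_len + 1` bytes, `memcpy(uid_copy, uid_value, uid_value_len);` copies exactly the reported length and keeps the terminator. The calloc result is dereferenced unchecked, so a NULL test is needed before the copy, using whatever out-of-memory path the function already has. The function and the code between the first two hunks lie outside the diff, so it cannot be confirmed from here that no pointer derived from `split` is still used after `free(uid_copy)` in the second hunk.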