changeset: 6384:5a86319adad0
user: Kevin McCarthy <[email protected]>
date: Mon Jan 05 18:28:59 2015 -0800
link: http://dev.mutt.org/hg/mutt/rev/5a86319adad0
Fix segv in pgp_getkeybystr(). (closes #3725)
When searching for keys, and the user supplies "" to match against,
pgp_getkeybystr will have values:
p = "";
l = 0;
After returning from pgp_select_key(), it will try to assign to
p[l-1].
(As a note, the function is chopping off and restoring the trailing
"!" character because of ticket #1928.)
diffs (19 lines):
diff -r 1b583341d5ad -r 5a86319adad0 pgpkey.c
--- a/pgpkey.c Sun Sep 07 11:04:54 2014 -0700
+++ b/pgpkey.c Mon Jan 05 18:28:59 2015 -0800
@@ -985,13 +985,13 @@
pgp_remove_key (&matches, k);
pgp_free_key (&matches);
- if (!p[l-1])
+ if (l && !p[l-1])
p[l-1] = '!';
return k;
}
out:
- if (!p[l-1])
+ if (l && !p[l-1])
p[l-1] = '!';
return NULL;
}
