Module Name: src
Committed By: rillig
Date: Sat Aug 27 08:30:06 UTC 2022
Modified Files:
src/crypto/external/bsd/netpgp/dist/src/lib: netpgp.c
Log Message:
netpgp: fix use after free when reading pubkey
To reproduce:
srcdir=...
objdir=...
cd "$srcdir"/crypto/external/bsd/netpgp/dist/bindings/lua
cp "$objdir"/crypto/external/bsd/netpgp/bindings/lua/netpgp.so \
./libluanetpgp.so
LD_LIBRARY_PATH="." MALLOC_CONF=junk:true lua netpgp.lua
> $HOME/.gnupg/pubring.gpg: No such file or directory
> Can't read pubring ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
To generate a diff of this commit:
cvs rdiff -u -r1.103 -r1.104 \
src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.103 src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.104
--- src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.103 Sat Mar 21 01:07:21 2020
+++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Sat Aug 27 08:30:06 2022
@@ -34,7 +34,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: netpgp.c,v 1.103 2020/03/21 01:07:21 jhigh Exp $");
+__RCSID("$NetBSD: netpgp.c,v 1.104 2022/08/27 08:30:06 rillig Exp $");
#endif
#include <sys/types.h>
@@ -297,9 +297,9 @@ readkeyring(netpgp_t *netpgp, const char
filename = keyringfile(netpgp, name);
if (!pgp_keyring_fileread(keyring, noarmor, filename)) {
+ (void) fprintf(stderr, "Can't read %s %s\n", name, filename);
free(filename);
free(keyring);
- (void) fprintf(stderr, "Can't read %s %s\n", name, filename);
return NULL;
}
netpgp_setvar(netpgp, name, filename);
