Module Name: src Committed By: rillig Date: Sat Aug 27 08:30:06 UTC 2022
Modified Files: src/crypto/external/bsd/netpgp/dist/src/lib: netpgp.c Log Message: netpgp: fix use after free when reading pubkey To reproduce: srcdir=... objdir=... cd "$srcdir"/crypto/external/bsd/netpgp/dist/bindings/lua cp "$objdir"/crypto/external/bsd/netpgp/bindings/lua/netpgp.so \ ./libluanetpgp.so LD_LIBRARY_PATH="." MALLOC_CONF=junk:true lua netpgp.lua > $HOME/.gnupg/pubring.gpg: No such file or directory > Can't read pubring ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ To generate a diff of this commit: cvs rdiff -u -r1.103 -r1.104 \ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.103 src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.104 --- src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c:1.103 Sat Mar 21 01:07:21 2020 +++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c Sat Aug 27 08:30:06 2022 @@ -34,7 +34,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: netpgp.c,v 1.103 2020/03/21 01:07:21 jhigh Exp $"); +__RCSID("$NetBSD: netpgp.c,v 1.104 2022/08/27 08:30:06 rillig Exp $"); #endif #include <sys/types.h> @@ -297,9 +297,9 @@ readkeyring(netpgp_t *netpgp, const char filename = keyringfile(netpgp, name); if (!pgp_keyring_fileread(keyring, noarmor, filename)) { + (void) fprintf(stderr, "Can't read %s %s\n", name, filename); free(filename); free(keyring); - (void) fprintf(stderr, "Can't read %s %s\n", name, filename); return NULL; } netpgp_setvar(netpgp, name, filename);