lib/44040: libnetpgp: do not segfault when verifying clearsigned messages :)

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: lib/44040: libnetpgp: do not segfault when verifying clearsigned messages :)
From: roam%ringlet.net@localhost
Date: Thu, 4 Nov 2010 15:55:00 +0000 (UTC)

>Number:         44040
>Category:       lib
>Synopsis:       libnetpgp: do not segfault when verifying clearsigned messages 
>:)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Nov 04 15:55:00 +0000 2010
>Originator:     Peter Pentchev
>Release:        
>Organization:
>Environment:
>Description:
Once again, thanks for maintaining netpgp!

The attached patch fixes two problems when verifying a clearsigned message:
- a copy/paste error - "litdata should" be "cleartext"
- a use of an uninitialized variable, resulting in freeing
  an uninitialized pointer on the stack... resulting in a segfault

>How-To-Repeat:
Try to verify the simple clearsigned message available at:
http://devel.ringlet.net/security/netpgp/foo.txt.asc
>Fix:
Apply the patch available at:
http://devel.ringlet.net/security/netpgp/patches/05-cleartext-data.patch

Keep up the great work!

Prev by Date: PR/43998 CVS commit: src/lib/libedit
Next by Date: lib/44041: libnetpgp: do not send diagnostic messages to the output stream
Previous by Thread: PR/43998 CVS commit: src/lib/libedit
Next by Thread: lib/44041: libnetpgp: do not send diagnostic messages to the output stream
Indexes:

Home | Main Index | Thread Index | Old Index