NetBSD Problem Report #44040

From www@NetBSD.org  Thu Nov  4 15:52:35 2010
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id CCF7163BB4C
	for <gnats-bugs@gnats.NetBSD.org>; Thu,  4 Nov 2010 15:52:35 +0000 (UTC)
Message-Id: <20101104155235.A098263BA68@www.NetBSD.org>
Date: Thu,  4 Nov 2010 15:52:35 +0000 (UTC)
From: roam@ringlet.net
Reply-To: roam@ringlet.net
To: gnats-bugs@NetBSD.org
Subject: libnetpgp: do not segfault when verifying clearsigned messages :)
X-Send-Pr-Version: www-1.0

>Number:         44040
>Category:       lib
>Synopsis:       libnetpgp: do not segfault when verifying clearsigned messages :)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    agc
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Nov 04 15:55:00 +0000 2010
>Closed-Date:    Thu Nov 04 16:16:47 +0000 2010
>Last-Modified:  Thu Nov 04 16:20:02 +0000 2010
>Originator:     Peter Pentchev
>Release:        
>Organization:
>Environment:
>Description:
Once again, thanks for maintaining netpgp!

The attached patch fixes two problems when verifying a clearsigned message:
- a copy/paste error - "litdata should" be "cleartext"
- a use of an uninitialized variable, resulting in freeing
  an uninitialized pointer on the stack... resulting in a segfault

>How-To-Repeat:
Try to verify the simple clearsigned message available at:
http://devel.ringlet.net/security/netpgp/foo.txt.asc
>Fix:
Apply the patch available at:
http://devel.ringlet.net/security/netpgp/patches/05-cleartext-data.patch

Keep up the great work!

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: lib-bug-people->agc
Responsible-Changed-By: agc@NetBSD.org
Responsible-Changed-When: Thu, 04 Nov 2010 16:16:47 +0000
Responsible-Changed-Why:
I'm responsible for netpgp


State-Changed-From-To: open->closed
State-Changed-By: agc@NetBSD.org
State-Changed-When: Thu, 04 Nov 2010 16:16:47 +0000
State-Changed-Why:
Applied the fix in the patch provided - thanks for this!


From: "Alistair G. Crooks" <agc@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/44040 CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
Date: Thu, 4 Nov 2010 16:13:36 +0000

 Module Name:	src
 Committed By:	agc
 Date:		Thu Nov  4 16:13:35 UTC 2010

 Modified Files:
 	src/crypto/external/bsd/netpgp/dist/src/lib: reader.c validate.c

 Log Message:
 Apply patch from Peter Pentchev in PR 44040

 The patch fixes two problems when verifying a clearsigned message:
 - a copy/paste error - "litdata" should be "cleartext"
 - a use of an uninitialized variable, resulting in freeing
   an uninitialized pointer on the stack... resulting in a segfault


 To generate a diff of this commit:
 cvs rdiff -u -r1.42 -r1.43 \
     src/crypto/external/bsd/netpgp/dist/src/lib/reader.c
 cvs rdiff -u -r1.39 -r1.40 \
     src/crypto/external/bsd/netpgp/dist/src/lib/validate.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.