NetBSD Problem Report #44040
From www@NetBSD.org Thu Nov 4 15:52:35 2010
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id CCF7163BB4C
for <gnats-bugs@gnats.NetBSD.org>; Thu, 4 Nov 2010 15:52:35 +0000 (UTC)
Message-Id: <20101104155235.A098263BA68@www.NetBSD.org>
Date: Thu, 4 Nov 2010 15:52:35 +0000 (UTC)
From: roam@ringlet.net
Reply-To: roam@ringlet.net
To: gnats-bugs@NetBSD.org
Subject: libnetpgp: do not segfault when verifying clearsigned messages :)
X-Send-Pr-Version: www-1.0
>Number: 44040
>Category: lib
>Synopsis: libnetpgp: do not segfault when verifying clearsigned messages :)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: agc
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Nov 04 15:55:00 +0000 2010
>Closed-Date: Thu Nov 04 16:16:47 +0000 2010
>Last-Modified: Thu Nov 04 16:20:02 +0000 2010
>Originator: Peter Pentchev
>Release:
>Organization:
>Environment:
>Description:
Once again, thanks for maintaining netpgp!
The attached patch fixes two problems when verifying a clearsigned message:
- a copy/paste error - "litdata should" be "cleartext"
- a use of an uninitialized variable, resulting in freeing
an uninitialized pointer on the stack... resulting in a segfault
>How-To-Repeat:
Try to verify the simple clearsigned message available at:
http://devel.ringlet.net/security/netpgp/foo.txt.asc
>Fix:
Apply the patch available at:
http://devel.ringlet.net/security/netpgp/patches/05-cleartext-data.patch
Keep up the great work!
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: lib-bug-people->agc
Responsible-Changed-By: agc@NetBSD.org
Responsible-Changed-When: Thu, 04 Nov 2010 16:16:47 +0000
Responsible-Changed-Why:
I'm responsible for netpgp
State-Changed-From-To: open->closed
State-Changed-By: agc@NetBSD.org
State-Changed-When: Thu, 04 Nov 2010 16:16:47 +0000
State-Changed-Why:
Applied the fix in the patch provided - thanks for this!
From: "Alistair G. Crooks" <agc@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/44040 CVS commit: src/crypto/external/bsd/netpgp/dist/src/lib
Date: Thu, 4 Nov 2010 16:13:36 +0000
Module Name: src
Committed By: agc
Date: Thu Nov 4 16:13:35 UTC 2010
Modified Files:
src/crypto/external/bsd/netpgp/dist/src/lib: reader.c validate.c
Log Message:
Apply patch from Peter Pentchev in PR 44040
The patch fixes two problems when verifying a clearsigned message:
- a copy/paste error - "litdata" should be "cleartext"
- a use of an uninitialized variable, resulting in freeing
an uninitialized pointer on the stack... resulting in a segfault
To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 \
src/crypto/external/bsd/netpgp/dist/src/lib/reader.c
cvs rdiff -u -r1.39 -r1.40 \
src/crypto/external/bsd/netpgp/dist/src/lib/validate.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.