diff options
Diffstat (limited to 'gnu/packages/patches/gnupg-CVE-2022-34903.patch')
| -rw-r--r-- | gnu/packages/patches/gnupg-CVE-2022-34903.patch | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/gnu/packages/patches/gnupg-CVE-2022-34903.patch b/gnu/packages/patches/gnupg-CVE-2022-34903.patch deleted file mode 100644 index 19c055282a..0000000000 --- a/gnu/packages/patches/gnupg-CVE-2022-34903.patch +++ /dev/null @@ -1,54 +0,0 @@ -https://dev.gnupg.org/T6027 -https://www.openwall.com/lists/oss-security/2022/06/30/1 -https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=34c649b3601383cd11dbc76221747ec16fd68e1b - -From 34c649b3601383cd11dbc76221747ec16fd68e1b Mon Sep 17 00:00:00 2001 -From: Werner Koch <wk@gnupg.org> -Date: Tue, 14 Jun 2022 11:33:27 +0200 -Subject: [PATCH] g10: Fix garbled status messages in NOTATION_DATA - -* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one --- - -Depending on the escaping and line wrapping the computed remaining -buffer length could be wrong. Fixed by always using a break to -terminate the escape detection loop. Might have happened for all -status lines which may wrap. - -GnuPG-bug-id: T6027 ---- - g10/cpr.c | 13 ++++--------- - 1 file changed, 4 insertions(+), 9 deletions(-) - -diff --git a/g10/cpr.c b/g10/cpr.c -index 9bfdd3c34..fa8005d6f 100644 ---- a/g10/cpr.c -+++ b/g10/cpr.c -@@ -372,20 +372,15 @@ write_status_text_and_buffer (int no, const char *string, - } - first = 0; - } -- for (esc=0, s=buffer, n=len; n && !esc; s++, n--) -+ for (esc=0, s=buffer, n=len; n; s++, n--) - { - if (*s == '%' || *(const byte*)s <= lower_limit - || *(const byte*)s == 127 ) - esc = 1; - if (wrap && ++count > wrap) -- { -- dowrap=1; -- break; -- } -- } -- if (esc) -- { -- s--; n++; -+ dowrap=1; -+ if (esc || dowrap) -+ break; - } - if (s != buffer) - es_fwrite (buffer, s-buffer, 1, statusfp); --- -2.11.0 - |