Hi Joshua--

On 12/20/2014 03:45 AM, Joshua Rogers wrote:
> --
> 
> If something in the keyserver_line failed, parse_keyserver_line would free 
> 'server', but then return it afterwards, leading to a use-after-free.
> 
> sm/gpgsm.c, in the function main() correctly checks whether the return of 
> parse_keyserver_line is false.
> ---
>  sm/gpgsm.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/sm/gpgsm.c b/sm/gpgsm.c
> index 3398d17..75c0b4d 100644
> --- a/sm/gpgsm.c
> +++ b/sm/gpgsm.c
> @@ -862,6 +862,7 @@ parse_keyserver_line (char *line,
>      {
>        log_info (_("%s:%u: skipping this line\n"), filename, lineno);
>        keyserver_list_free (server);
> +      return 0;
>      }
>  
>    return server;
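Review bot: the added `return 0;` directly after `keyserver_list_free (server);` does prevent the freed `server` from reaching the function's final `return server;`, but a pointer-returning function reads more clearly with `return NULL;` (or with `server = NULL;` after the free, letting the existing `return server;` carry the value); the other point to settle in review is the caller contract, since every caller of parse_keyserver_line now has to treat a NULL result as "this line was skipped" (the log_info above says exactly that) and not as a fatal parse error, and the description only states that main() in sm/gpgsm.c checks for it, so a comment on the function documenting that NULL is a non-fatal per-line outcome would help future callers.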

Since the return value of parse_keyserver_line is a
struct keyserver_spec *, it's probably cleaner to represent it as NULL,
instead of 0.

This is functionally no different, of course, but it makes it clearer
what's going on.

(alternately, you could just set

 server = NULL;

and let the final line of the function return it)

        --dkg
