On Wed, 05 Apr 2006, Werner Koch wrote:

> On Wed, 5 Apr 2006 10:02:28 +0200, Peter Palfrader said:
> 
> > +      const char *tmp = fpr;
> > +      while (*tmp)
> > +   {
> > +     if (isxdigit(*tmp))
> 
> Will segv on many non-glibc systems if you pass non-ascii characters
> to it.  Never ever use isfoo functions without additional checks.

ick.

Index: make-dns-cert.c
===================================================================
--- make-dns-cert.c     (revision 4091)
+++ make-dns-cert.c     (working copy)
@@ -97,7 +97,22 @@
 
   if(fpr)
     {
-      fprlen=strlen(fpr);
+      const char *tmp = fpr;
+      while (*tmp)
+       {
+         if ((*tmp >= 'A' && *tmp <= 'F') ||
+             (*tmp >= 'a' && *tmp <= 'f') ||
+             (*tmp >= '0' && *tmp <= '9'))
+           {
+             fprlen++;
+           }
+         else if (*tmp != ' ' && *tmp != '\t')
+           {
+             printf("Fingerprint must consist of only hex digits (and 
whitespace)\n");
+             return 1;
+           }
+         tmp++;
+       }
       if(fprlen%2)
        {
          printf("Fingerprint must be an even number of characters\n");
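Review bot: fprlen is only incremented in the new while loop, whereas the removed line assigned it with strlen(fpr), so the count is right only if fprlen is zero on entry to the if(fpr) block. The hunk shows no initialisation; add fprlen=0 immediately before the loop or confirm it at the declaration. Separately, the new else-if branch accepts spaces and tabs, so fprlen no longer equals strlen(fpr). Whatever code later converts fpr to bytes lies outside this hunk and should be checked to confirm that it skips the same whitespace and does not walk the raw string using fprlen as its length.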

-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/
