The code was not properly checking for a -1 return value in the read, leading to an infinite loop, and printing past the buffer value to the stream.
Thanks to [email protected] for the security report. --- This is 2 in the list evilrabbit sent. Thanks for the suggestion Alex, but it reads a little funny compared to the rest of the codebase, so I'm keeping the comparision as is for this fix. :-D crypt-gpgme.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypt-gpgme.c b/crypt-gpgme.c index 5313d6f2..4e0bcf2f 100644 --- a/crypt-gpgme.c +++ b/crypt-gpgme.c @@ -742,7 +742,7 @@ static int data_object_to_stream (gpgme_data_t data, FILE *fp) return -1; } - while ((nread = gpgme_data_read (data, buf, sizeof (buf)))) + while ((nread = gpgme_data_read(data, buf, sizeof (buf))) > 0) { /* fixme: we are not really converting CRLF to LF but just skipping CR. Doing it correctly needs a more complex logic */ -- 2.53.0
