Hi Kevin,

On 2026-04-19T13:49:31+0800, Kevin J. McCarthy wrote:
> The code was not properly checking for a -1 return value in the read,
> leading to an infinite loop, and printing past the buffer value to the
> stream.
>
> Thanks to [email protected] for the security report.
> ---
> This is 2 in the list evilrabbit sent.
>
> Thanks for the suggestion Alex, but it reads a little funny compared to
> the rest of the codebase, so I'm keeping the comparison as is for this
> fix. :-D

That's fine. :-) Reviewed-by: Alejandro Colomar <[email protected]> Cheers, Alex > > crypt-gpgme.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/crypt-gpgme.c b/crypt-gpgme.c > index 5313d6f2..4e0bcf2f 100644 > --- a/crypt-gpgme.c > +++ b/crypt-gpgme.c > @@ -742,7 +742,7 @@ static int data_object_to_stream (gpgme_data_t data, FILE > *fp) > return -1; > } > > - while ((nread = gpgme_data_read (data, buf, sizeof (buf)))) > + while ((nread = gpgme_data_read(data, buf, sizeof (buf))) > 0) > { > /* fixme: we are not really converting CRLF to LF but just > skipping CR. Doing it correctly needs a more complex logic */ > -- > 2.53.0 > -- <https://www.alejandro-colomar.es>
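
Review bot: With `> 0` in the `while` condition, a -1 from gpgme_data_read now leaves the loop the same way end-of-data (0) does, and the hunk does not show what follows the loop. The caller should still see a failure, so check that `nread < 0` after the loop leads to `return -1`, as the earlier error path in this function does, rather than a truncated stream being reported as success. The comparison also only catches the error if `nread` is a signed type; its declaration is outside the hunk, so confirm it is not unsigned. A minor style point: the `+` line drops the space in `gpgme_data_read (`, while `sizeof (buf)` and the function header keep it, so the change is not purely the added `> 0`.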
