diff options
author | Marvin W <git@larma.de> | 2020-06-28 11:25:10 +0200 |
---|---|---|
committer | Marvin W <git@larma.de> | 2020-06-28 11:53:43 +0200 |
commit | af98b8ea0fd256e0860695615b0b2992523591fc (patch) | |
tree | 83c51eb072ead9ddf6fe9dd2f254510890213ee1 | |
parent | 48964bc5cca6e56cd7fc745b1a4a9ae5d34f0772 (diff) | |
download | dino-af98b8ea0fd256e0860695615b0b2992523591fc.tar.gz dino-af98b8ea0fd256e0860695615b0b2992523591fc.zip |
Fix rare 1 byte buffer over-read
-rw-r--r-- | plugins/gpgme-vala/src/gpgme_helper.vala | 19 | ||||
-rw-r--r-- | plugins/gpgme-vala/vapi/gpgme.vapi | 2 |
2 files changed, 11 insertions, 10 deletions
diff --git a/plugins/gpgme-vala/src/gpgme_helper.vala b/plugins/gpgme-vala/src/gpgme_helper.vala index 4a6d94fa..f28bc6d6 100644 --- a/plugins/gpgme-vala/src/gpgme_helper.vala +++ b/plugins/gpgme-vala/src/gpgme_helper.vala @@ -144,28 +144,29 @@ private static Key? get_key(string sig, bool priv) throws GLib.Error { } private static string get_string_from_data(Data data) { + const size_t BUF_SIZE = 256; data.seek(0); - uint8[] buf = new uint8[256]; - ssize_t? len = null; + uint8[] buf = new uint8[BUF_SIZE + 1]; + ssize_t len = 0; string res = ""; do { - len = data.read(buf); + len = data.read(buf, BUF_SIZE); if (len > 0) { - string part = (string) buf; - part = part.substring(0, (long) len); - res += part; + buf[len] = 0; + res += (string) buf; } } while (len > 0); return res; } private static uint8[] get_uint8_from_data(Data data) { + const size_t BUF_SIZE = 256; data.seek(0); - uint8[] buf = new uint8[256]; - ssize_t? len = null; + uint8[] buf = new uint8[BUF_SIZE + 1]; + ssize_t len = 0; ByteArray res = new ByteArray(); do { - len = data.read(buf); + len = data.read(buf, BUF_SIZE); if (len > 0) { res.append(buf[0:len]); } diff --git a/plugins/gpgme-vala/vapi/gpgme.vapi b/plugins/gpgme-vala/vapi/gpgme.vapi index 3b8e660d..f50150a7 100644 --- a/plugins/gpgme-vala/vapi/gpgme.vapi +++ b/plugins/gpgme-vala/vapi/gpgme.vapi @@ -474,7 +474,7 @@ namespace GPG { [CCode (cname = "gpgme_data_release_and_get_mem")] public string release_and_get_mem(out size_t len); - public ssize_t read(uint8[] buf); + public ssize_t read([CCode (array_length = false)] uint8[] buf, size_t len); public ssize_t write(uint8[] buf); |