1. 23 Mar, 2015 5 commits
  2. 20 Mar, 2015 4 commits
  3. 19 Mar, 2015 4 commits
  4. 17 Mar, 2015 4 commits
  5. 16 Mar, 2015 3 commits
  6. 15 Mar, 2015 8 commits
    • gpg: Fix possible dead code elimination. · 1a9f13bc
      Werner Koch authored
      * g10/encrypt.c: Change condition for detecting a real file.
      --
      
      Detected by Stack 3.0:
      
        bug: anti-dce
        model: |
          %tobool155 = icmp ne i32 %call154, 0, !dbg !1298
          -->  true
          ************************************************************
          land.lhs.true156:
          %96 = icmp eq i8* %filename, null
          call void @opt.bugon(i1 %96), !dbg !1298, !bug !1250
          %97 = load i8* %filename, align 1, !dbg !1298
          %conv157 = sext i8 %97 to i32, !dbg !1298
          %tobool158 = icmp ne i32 %conv157, 0, !dbg !1298
          br i1 %tobool158, label %land.lhs.true159, label %if.else177,\
                !dbg !1298
        stack:
          - /home/wk/s/gnupg/g10/encrypt.c:639:0
        ncore: 1
        core:
          - /home/wk/s/gnupg/g10/encrypt.c:639:0
            - null pointer dereference
    • g13: Fix pointer wrap check. · 4bc3a2e9
      Werner Koch authored
      * g13/utils.c (find_tuple, next_tuple): Cast pointer to size_t before
      doing an overflow check.
      --
      
      Detected by Stack 0.3:
      
        bug: anti-simplify
        model: |
          %cmp4 = icmp ult i8* %add.ptr3, %s.0, !dbg !568
          -->  false
        stack:
          - /home/wk/s/gnupg/g13/utils.c:127:0
        ncore: 1
        core:
          - /home/wk/s/gnupg/g13/utils.c:127:0
            - pointer overflow
    • agent: Remove useless conditions in command.c. · 3a35c974
      Werner Koch authored
      * agent/command.c (cmd_setkeydesc): Remove NULL check.
      (cmd_get_passphrase): Ditto.
      (cmd_clear_passphrase): Ditto.
      (cmd_get_confirmation): Ditto.
      (cmd_getval): Ditto.
      (cmd_putval): Ditto.
      --
      
      Detected by Stack 0.3.
    • agent: Fix length test in sshcontrol parser. · 3529dd8b
      Werner Koch authored
      * agent/command-ssh.c (ssh_search_control_file): Check S before
      upcasing it.
      --
      
      In contradiction to the comment we did not check the length of HEXGRIP
      and thus the GPG_ERR_INV_LENGTH was never triggered.
      
      Detected by Stack 0.3:
      
        bug: anti-simplify
        model: |
          %cmp8 = icmp ne i32 %i.0, 40, !dbg !986
          -->  false
        stack:
          - /home/wk/s/gnupg/agent/command-ssh.c:1226:0
        ncore: 2
        core:
          - /home/wk/s/gnupg/agent/command-ssh.c:1225:0
            - buffer overflow
          - /home/wk/s/gnupg/agent/command-ssh.c:1225:0
            - buffer overflow
    • agent: Remove useless conditions. · 95415bde
      Werner Koch authored
      * agent/genkey.c (agent_ask_new_passphrase): Remove useless condition.
      * agent/command-ssh.c (ssh_identity_register): Ditto.
      --
      
      Detected by Stack 0.3:
      
        bug: anti-simplify
        model: |
          %tobool22 = icmp ne i8* %arraydecay21, null, !dbg !717
          -->  true
        stack:
          - /home/wk/s/gnupg/agent/genkey.c:385:0
        ncore: 1
        core:
          - /home/wk/s/gnupg/agent/genkey.c:362:0
            - pointer overflow
      
        bug: anti-simplify
        model: |
          %tobool35 = icmp ne i8* %arraydecay34, null, !dbg !1053
          -->  true
        stack:
          - /home/wk/s/gnupg/agent/command-ssh.c:3120:0
        ncore: 1
        core:
          - /home/wk/s/gnupg/agent/command-ssh.c:3103:0
            - pointer overflow
    • gpg: Remove useless condition. · c59b410c
      Werner Koch authored
      * g10/keylist.c (list_keyblock_colon): Remove useless condition (PK).
      (list_keyblock_print):  Likewise.
      --
      
      PK is already derefed above and thus testing for PK is dead code.
      Detected by Stack 0.3:
      
        bug: anti-simplify
        model: |
          %tobool200 = icmp ne %struct.PKT_public_key* %3, null, !dbg !1498
          -->  true
        stack:
          - /home/wk/s/gnupg/g10/keylist.c:1367:0
        ncore: 1
        core:
          - /home/wk/s/gnupg/g10/keylist.c:1319:0
            - null pointer dereference
      
        bug: anti-simplify
        model: |
          %tobool102 = icmp ne %struct.PKT_public_key* %4, null, !dbg !1462
          -->  true
        stack:
          - /home/wk/s/gnupg/g10/keylist.c:978:0
        ncore: 1
        core:
          - /home/wk/s/gnupg/g10/keylist.c:955:0
            - null pointer dereference
      
        bug: anti-simplify
        model: |
          %tobool128 = icmp ne %struct.PKT_public_key* %4, null, !dbg !1469
          -->  true
        stack:
          - /home/wk/s/gnupg/g10/keylist.c:990:0
        ncore: 1
        core:
          - /home/wk/s/gnupg/g10/keylist.c:955:0
            - null pointer dereference
    • scd: Fix possible NULL deref in apdu.c · ef0a3abf
      Werner Koch authored
      * scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL.
      (control_pcsc_wrapped): Ditto.
      --
      
      pcsc_vendor_specific_init calls the above with BUFFER and BUFLEN as
      NULL.
      
      Reported by Stack 0.3:
      
        bug: anti-dce
        model: |
          control_pcsc.exit77:
          %retval.0.i.i76 = phi i32 [ %rc.0.i.i.i73, \
                  %pcsc_error_to_sw.exit.i.i74 ], [ 0, %if.end.i.i75 ]
          %tobool198 = icmp ne i32 %retval.0.i.i76, 0, !dbg !728
          br i1 %tobool198, label %if.then199, label %if.end200, !dbg !728
        stack:
          - /home/wk/s/gnupg/scd/apdu.c:1882:0
        ncore: 1
        core:
          - /home/wk/s/gnupg/scd/apdu.c:1309:0
            - buffer overflow
    • common: Make openpgp_oid_to_str more robust. · 35db798c
      Werner Koch authored
      * common/openpgp-oid.c (openpgp_oid_to_str): Take care of
      gcry_mpi_get_opaque returning NULL.  Remove useless condition !BUF.
      --
      
      It is possible that an opaque MPI stores just a NULL pointer.  Take
      care of that before incrementing the pointer.  We return an error in
      this case because at least a length byte is required.
      
      Found due to hint from stack 0.3:
      
        bug: anti-simplify
        model: |
          %tobool15 = icmp ne i8* %incdec.ptr, null, !dbg !567
          -->  true
        stack:
          - /home/wk/s/gnupg/common/openpgp-oid.c:220:0
        ncore: 1
        core:
          - /home/wk/s/gnupg/common/openpgp-oid.c:212:0
            - pointer overflow
      Signed-off-by: Werner Koch <wk@gnupg.org>
  7. 11 Mar, 2015 1 commit
    • agent: Improve error reporting from Pinentry. · efde50f9
      Werner Koch authored
      * agent/call-pinentry.c (unlock_pinentry): Add error logging.  Map
      error source of uncommon errors to Pinentry.
      --
      
      With this change it is possible to detect whether an error like
      GPG_ERR_ASS_INV_RESPONSE has its origin in a call to Pinentry or comes
      from another part of gpg-agent.
      Signed-off-by: Werner Koch <wk@gnupg.org>
  8. 10 Mar, 2015 2 commits
  9. 09 Mar, 2015 1 commit
    • scd: fix for 64-bit arch. · bb5a1b7c
      NIIBE Yutaka authored
      * agent/pksign.c (agent_pksign_do): Use int.
      * scd/app-openpgp.c (get_public_key): Likewise.
      
      --
      
      On 64-bit architecture, int and size_t might be different.
      For the first argument for '%b', int is expected.
  10. 06 Mar, 2015 1 commit
  11. 04 Mar, 2015 2 commits
  12. 26 Feb, 2015 5 commits
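Added example, not code from GnuPG: the "pointer overflow" finding behind commit 4bc3a2e9 (g13: Fix pointer wrap check) concerns a bounds check written as a pointer comparison, which the compiler may remove. The commit casts the pointer to size_t before the check; the sketch below uses a different technique, comparing the claimed length against the bytes remaining. The tuple layout, the function name `find_tuple_checked` and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical tuple layout for this example (not taken from g13/utils.c):
   2-byte big-endian tag, 2-byte big-endian length, then LENGTH value bytes. */

/* Constructed sample buffers.  In sample_bad the second tuple claims 0xffff
   value bytes although only one byte follows.  */
static const uint8_t sample_ok[]  = { 0,1, 0,2, 'a','b',  0,2, 0,3, 'x','y','z' };
static const uint8_t sample_bad[] = { 0,1, 0,2, 'a','b',  0,2, 0xff,0xff, 'x' };

/* Fragile pattern of the kind reported as "pointer overflow":
       if (s + n < s) return NULL;
   Forming S + N beyond the object is undefined behaviour, so a compiler
   may assume the comparison is always false and drop the check.  */

/* Return the value of the first tuple with WANT_TAG and store its length at
   R_LEN, or NULL if it is missing or any length field overruns the buffer.
   Only offsets are compared; no out-of-range pointer is ever formed.  */
static const uint8_t *
find_tuple_checked (const uint8_t *buf, size_t buflen,
                    unsigned int want_tag, size_t *r_len)
{
  size_t off = 0;

  while (buflen - off >= 4)
    {
      unsigned int tag = ((unsigned int)buf[off] << 8) | buf[off + 1];
      size_t n = ((size_t)buf[off + 2] << 8) | buf[off + 3];
      off += 4;
      if (n > buflen - off)
        return NULL;            /* Claimed length exceeds what is left.  */
      if (tag == want_tag)
        {
          *r_len = n;
          return buf + off;
        }
      off += n;                 /* Safe: n <= buflen - off was checked.  */
    }
  return NULL;                  /* Tag not found or truncated header.  */
}

int main (void)
{
  size_t n = 0;
  return !(find_tuple_checked (sample_ok, sizeof sample_ok, 2, &n)
           && n == 3
           && !find_tuple_checked (sample_bad, sizeof sample_bad, 2, &n));
}
```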