Re: Mem corruption due to race? (Was: [BUG] : crash (perhaps gpg related))

On 10.12.03 19:30, Albrecht Dreß wrote:
> I can confirm that there is a problem with a double-free when handling  
> OpenPGP (RFC2440) messages. I could reproduce it when running balsa with  
> nice -10 and compiling gcc 3.3.2 in parallel...

O.k., just say that I'm completely dumb!!! When moving the big blocks of  
gpgme code in src/balsa-message.c to separate functions, I passed the text  
buf as char *, freed it, and set it to a new (decrypted/sig verified)  
buffer. Replacing the parameter by the correct char ** removes the crash  
(surprise). Sorry again! The patch below against today's cvs fixes the  
problem. Btw, today's cvs doesn't compile cleanly:

message-window.c: In function `mw_destroy_window':
message-window.c:469: warning: no return statement in function returning  
message-window.c:744: warning: control reaches end of non-void function

Maybe this way I can insinuate two more patches into the cvs, both  
contained below...

The first one fixes a potentially critical security problem, as currently  
the passphrase cache is only erased from memory when balsa crashes, not if  
it exits cleanly. This is fixed in libbalsa/rfc3156.c (there are still  
some debug statements to stderr, to be removed in the future).

The second one, also in libbalsa/rfc3156.c, is cosmetic: it constructs  
the key selection and passphrase entry dialogs according to the HIG  
(mostly at least). To this end, I also added a new icon which according to  
a discussion in the hig is supposed to move into mainstream gtk+ (stolen  
from there), so it might be removed and replaced by a stock icon later.

Cheers, Albrecht.

 Albrecht Dreß  -  Johanna-Kirchner-Straße 13  -  D-53123 Bonn (Germany)
       Phone (+49) 228 6199571  -


PGP signature
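The pointer-parameter mistake described in the message, as an added example that is not balsa's own code: a callee takes the text buffer as char *, frees it and assigns a fresh buffer to its local copy, so the caller keeps the dangling pointer and frees it a second time; the char ** version lets the callee replace the caller's buffer. The gpgme decryption step is replaced by a constructed stand-in (fake_decrypt), and a small quarantining registry stands in for ASan/valgrind so the double free is counted rather than being undefined behaviour. All names are assumptions for this demo.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Tiny allocation registry standing in for ASan/valgrind (demo only):
 * freed blocks are quarantined, never handed back to malloc, so a second
 * free of the same pointer is counted instead of corrupting the heap.
 */
#define MAX_BLOCKS 16
static void *live[MAX_BLOCKS];
static void *freed[MAX_BLOCKS];
static int double_frees;

static void registry_reset(void) {
    for (int i = 0; i < MAX_BLOCKS; i++) {
        free(live[i]);  live[i] = NULL;
        free(freed[i]); freed[i] = NULL;
    }
    double_frees = 0;
}

static char *tracked_strdup(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (!p) abort();
    memcpy(p, s, n);
    for (int i = 0; i < MAX_BLOCKS; i++)
        if (!live[i]) { live[i] = p; return p; }
    abort();  /* registry full */
}

static void tracked_free(void *p) {
    if (!p) return;
    for (int i = 0; i < MAX_BLOCKS; i++) {
        if (live[i] == p) {          /* first free: move to quarantine */
            live[i] = NULL;
            for (int j = 0; j < MAX_BLOCKS; j++)
                if (!freed[j]) { freed[j] = p; return; }
            abort();
        }
    }
    for (int i = 0; i < MAX_BLOCKS; i++)
        if (freed[i] == p) { double_frees++; return; }  /* already freed */
    abort();  /* free of a pointer we never handed out */
}

/* Constructed stand-in for the gpgme decrypt/verify step: returns a new
 * buffer holding the input with its "ENC:" prefix stripped. */
static char *fake_decrypt(const char *cipher) {
    return tracked_strdup(strncmp(cipher, "ENC:", 4) == 0 ? cipher + 4 : cipher);
}

/* Shape of the bug: text is a by-value copy of the caller's pointer. The
 * free happens, but the reassignment only updates the local copy, so the
 * caller still holds the freed pointer and the new buffer is leaked. */
static void handle_part_bad(char *text) {
    char *plain = fake_decrypt(text);
    tracked_free(text);
    text = plain;
    (void)text;
}

/* The fix: char ** lets the callee swap the caller's buffer for the new one. */
static void handle_part_good(char **text) {
    char *plain = fake_decrypt(*text);
    tracked_free(*text);
    *text = plain;
}

/* Caller frees its buffer afterwards, as the original code did.
 * Returns the number of double frees the registry observed. */
int run_bad(void) {
    registry_reset();
    char *buf = tracked_strdup("ENC:secret body");
    handle_part_bad(buf);
    tracked_free(buf);           /* second free of the same block */
    return double_frees;
}

/* Same flow with the corrected signature; copies the decrypted text to out. */
int run_good(char *out, size_t outlen) {
    registry_reset();
    char *buf = tracked_strdup("ENC:secret body");
    handle_part_good(&buf);      /* buf now points at the decrypted copy */
    snprintf(out, outlen, "%s", buf);
    tracked_free(buf);
    return double_frees;
}

int main(void) {
    char out[64];
    printf("char *  version: %d double free(s)\n", run_bad());
    int d = run_good(out, sizeof out);
    printf("char ** version: %d double free(s), text = \"%s\"\n", d, out);
    return 0;
}
```

With a real allocator the buggy path is not reliably observable: the second free may silently corrupt the heap or crash later, which is why the original report only reproduced under load (nice -10 with a parallel gcc build). Building the real code with -fsanitize=address or running it under valgrind gives the same deterministic report the registry above produces.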
