/cpw/tomkiewicz/masterpassword: f588313334c8: Fix uninitialized ...

[Tomasz Wasilczyk]

Changeset: f588313334c8c924c9bf90b13f15d6c584f7cde6
Author:	 Tomasz Wasilczyk <tomkiewicz at cpw.pidgin.im>
Date:	 2013-05-15 15:27 +0200
Branch:	 soc.2008.masterpassword
URL: https://hg.pidgin.im/cpw/tomkiewicz/masterpassword/rev/f588313334c8

Description:

Fix uninitialized read

diffstat:

 libpurple/plugins/keyrings/internalkeyring.c |  12 +++++++++---
 1 files changed, 9 insertions(+), 3 deletions(-)

diffs (29 lines):

diff --git a/libpurple/plugins/keyrings/internalkeyring.c b/libpurple/plugins/keyrings/internalkeyring.c
--- a/libpurple/plugins/keyrings/internalkeyring.c
+++ b/libpurple/plugins/keyrings/internalkeyring.c
@@ -288,6 +288,7 @@ intkeyring_decrypt(intkeyring_buff_t *ke
 	gsize encrypted_size;
 	size_t iv_len, verify_len, text_len;
 	guchar plaintext[INTKEYRING_ENCRYPT_BUFF_LEN];
+	const gchar *verify_str = NULL;
 	ssize_t plaintext_len;
 	gchar *ret;
 
@@ -319,9 +320,14 @@ intkeyring_decrypt(intkeyring_buff_t *ke
 	purple_cipher_context_destroy(context);
 
 	verify_len = strlen(INTKEYRING_VERIFY_STR);
-	if (plaintext_len < verify_len || strncmp(
-		(gchar*)plaintext + plaintext_len - verify_len,
-		INTKEYRING_VERIFY_STR, verify_len) != 0) {
+	/* Don't remove the len > 0 check! */
+	if (plaintext_len > 0 && plaintext_len > verify_len &&
+		plaintext[plaintext_len] == '\0')
+	{
+		verify_str = (gchar*)plaintext + plaintext_len - verify_len;
+	}
+
+	if (g_strcmp0(verify_str, INTKEYRING_VERIFY_STR) != 0) {
 		purple_debug_warning("keyring-internal",
 			"Verification failed on decryption\n");
 		memset(plaintext, 0, sizeof(plaintext));