From d0fe9eb838078a5960f846ad19e078247aee8fad Mon Sep 17 00:00:00 2001 From: Ben Kibbey Date: Mon, 6 Apr 2009 22:19:05 -0400 Subject: [PATCH] Fixed pwmd_command_ap() corrupting the argument list. Operate on the va_copy() after getting the length of the original. --- libpwmd.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/libpwmd.c b/libpwmd.c index 6526da9c..face2d19 100644 --- a/libpwmd.c +++ b/libpwmd.c @@ -720,6 +720,7 @@ gpg_error_t pwmd_command_ap(pwm_t *pwm, char **result, const char *cmd, char *buf; size_t len; gpg_error_t error; + va_list ap2; if (!pwm || !cmd) return GPG_ERR_INV_ARG; @@ -728,9 +729,17 @@ gpg_error_t pwmd_command_ap(pwm_t *pwm, char **result, const char *cmd, * C99 allows the dst pointer to be null which will calculate the length * of the would-be result and return it. */ + va_copy(ap2, ap); len = vsnprintf(NULL, 0, cmd, ap)+1; buf = (char *)xmalloc(len); + + if (!buf) { + va_end(ap2); + return gpg_error_from_errno(ENOMEM); + } + len = vsnprintf(buf, len, cmd, ap); + va_end(ap2); error = send_command(pwm, result, buf); xfree(buf); return error; -- 2.11.4.GIT