From 5e8f1f9c853eff2fe49cc7f1dadb285b3c337c18 Mon Sep 17 00:00:00 2001
From: John Hernandez <129467592+H3rnand3zzz@users.noreply.github.com>
Date: Thu, 13 Apr 2023 10:14:54 +0200
Subject: [PATCH 1/2] Fix memory corruption crash

Under certain circumstances setting plain_str[len] to 0 might lead to crash
and it does not follow the best practices as well.

This change allows better handling of buffer copying and prevents crash.
---
 src/pgp/gpg.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/pgp/gpg.c b/src/pgp/gpg.c
index 8762660d..3ef69c1d 100644
--- a/src/pgp/gpg.c
+++ b/src/pgp/gpg.c
@@ -721,10 +721,9 @@ p_gpg_decrypt(const char* const cipher)
     char* plain_str = gpgme_data_release_and_get_mem(plain_data, &len);
     char* result = NULL;
     if (plain_str) {
-        plain_str[len] = 0;
-        result = g_strdup(plain_str);
+        result = strndup(plain_str, len);
+        gpgme_free(plain_str);
     }
-    gpgme_free(plain_str);
 
     if (passphrase_attempt) {
         passphrase = strdup(passphrase_attempt);

From 899b26b3bce7bc7575be79df0cb9462c9e17623a Mon Sep 17 00:00:00 2001
From: John Hernandez <129467592+H3rnand3zzz@users.noreply.github.com>
Date: Thu, 13 Apr 2023 15:26:19 +0200
Subject: [PATCH 2/2] Cleanup p_ox_gpg_decrypt

In OX implementation gpgme's buffer remains untouched, thus not leading to the crash.

But code can be shorter and more concise.
---
 src/pgp/ox.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/pgp/ox.c b/src/pgp/ox.c
index 71fa6c8c..4d42a2a7 100644
--- a/src/pgp/ox.c
+++ b/src/pgp/ox.c
@@ -419,10 +419,12 @@ p_ox_gpg_decrypt(char* base64)
 
     size_t len;
     char* plain_str = gpgme_data_release_and_get_mem(plain, &len);
-    char* result = malloc(len + 1);
-    memcpy(result, plain_str, len);
-    result[len] = '\0';
-    gpgme_free(plain_str);
+    char* result = NULL;
+    if (plain_str) {
+        result = strndup(plain_str, len);
+        gpgme_free(plain_str);
+    }
+
     return result;
 }