From fdc04a171777327218a1e78db504926c388b48c4 Mon Sep 17 00:00:00 2001
From: "Kevin J. McCarthy" <kevin@8t8.us>
Date: Sat, 18 Apr 2026 21:54:34 +0800
Subject: [PATCH] Fix infinite loop in gpgme data_object_to_stream().

The code was not properly checking for a -1 return value in the read,
leading to an infinite loop, and printing past the buffer value to the
stream.

Thanks to evilrabbit@tutamail.com for the security report.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
---
 crypt-gpgme.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypt-gpgme.c b/crypt-gpgme.c
index b30632b8..3195ed79 100644
--- a/crypt-gpgme.c
+++ b/crypt-gpgme.c
@@ -742,7 +742,7 @@ static int data_object_to_stream (gpgme_data_t data, FILE *fp)
       return -1;
     }
 
-  while ((nread = gpgme_data_read (data, buf, sizeof (buf))))
+  while ((nread = gpgme_data_read(data, buf, sizeof (buf))) > 0)
     {
       /* fixme: we are not really converting CRLF to LF but just
          skipping CR. Doing it correctly needs a more complex logic */
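Review bot: The new loop condition `while ((nread = gpgme_data_read(data, buf, sizeof (buf))) > 0)` carries no comment explaining why the comparison is needed, and it drops the space before the call's parenthesis that the removed line and `sizeof (buf)` both use. I would keep `gpgme_data_read (data, buf, sizeof (buf))` and add a comment above the loop such as `/* gpgme_data_read() returns 0 at EOF and -1 on error; stop on both. */`. The loop now exits with `nread` at 0 or -1, and the code after the loop lies outside the hunk, so it is worth confirming that a negative value is reported as a failure rather than a short stream being returned as complete. The declaration of `nread` is also outside the hunk; the `> 0` test only helps if it is a signed type such as `ssize_t`.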
