diff options
| author | Werner Koch <wk@gnupg.org> | 2015-02-19 16:29:58 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2015-02-19 16:29:58 +0100 |
| commit | 76c8122adfed0f0f443cce7bda702ba2b39661b3 (patch) | |
| tree | f6ffd6752819ed502205a1bded089fa3fcf3b4a6 | |
| parent | scd: Fix regression in 2.1.2 (due to commit 2183683) (diff) | |
| download | gnupg2-76c8122adfed0f0f443cce7bda702ba2b39661b3.tar.xz gnupg2-76c8122adfed0f0f443cce7bda702ba2b39661b3.zip | |
gpg: Fix segv due to NULL value stored as opaque MPI.
* g10/build-packet.c (gpg_mpi_write): Check for NULL return from
gcry_mpi_get_opaque.
(gpg_mpi_write_nohdr, do_key): Ditto.
* g10/keyid.c (hash_public_key): Ditto.
--
This fix extends commmit 0835d2f44ef62eab51fce6a927908f544e01cf8f.
gpg2 --export --no-default-keyring --keyring TESTDATA
With TESTDATA being below after unpacking.
-----BEGIN PGP ARMORED FILE-----
mBMEhdkMmS8BcX8F//8F5voEhQAQmBMEnAAAZwAAo4D/f/8EhQAAAIAEnP8EhQAQ
iBMEnP8AAAAABf8jIID///8EhQYQmBMEnIUAEIgTBKT/AAAAAAUAACCA/f//BIUA
EJgTBJx/AP8ABPPzBJx/AP8ABPPz
=2yE0
-----END PGP ARMORED FILE-----
Reported-by: Jodie Cunningham
Signed-off-by: Werner Koch <wk@gnupg.org>
| -rw-r--r-- | g10/build-packet.c | 7 | ||||
| -rw-r--r-- | g10/keyid.c | 21 |
2 files changed, 18 insertions, 10 deletions
diff --git a/g10/build-packet.c b/g10/build-packet.c index e44350e44..557dffee1 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -171,7 +171,7 @@ gpg_mpi_write (iobuf_t out, gcry_mpi_t a) lenhdr[0] = nbits >> 8; lenhdr[1] = nbits; rc = iobuf_write (out, lenhdr, 2); - if (!rc) + if (!rc && p) rc = iobuf_write (out, p, (nbits+7)/8); } else @@ -209,7 +209,7 @@ gpg_mpi_write_nohdr (iobuf_t out, gcry_mpi_t a) const void *p; p = gcry_mpi_get_opaque (a, &nbits); - rc = iobuf_write (out, p, (nbits+7)/8); + rc = p ? iobuf_write (out, p, (nbits+7)/8) : 0; } else rc = gpg_error (GPG_ERR_BAD_MPI); @@ -393,7 +393,8 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk) assert (gcry_mpi_get_flag (pk->pkey[npkey], GCRYMPI_FLAG_OPAQUE)); p = gcry_mpi_get_opaque (pk->pkey[npkey], &ndatabits); - iobuf_write (a, p, (ndatabits+7)/8 ); + if (p) + iobuf_write (a, p, (ndatabits+7)/8 ); } else { diff --git a/g10/keyid.c b/g10/keyid.c index 9f7b70fca..a0571b03b 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -179,7 +179,10 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk) p = gcry_mpi_get_opaque (pk->pkey[i], &nbits); pp[i] = xmalloc ((nbits+7)/8); - memcpy (pp[i], p, (nbits+7)/8); + if (p) + memcpy (pp[i], p, (nbits+7)/8); + else + pp[i] = NULL; nn[i] = (nbits+7)/8; n += nn[i]; } @@ -214,14 +217,18 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk) if(npkey==0 && pk->pkey[0] && gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE)) { - gcry_md_write (md, pp[0], nn[0]); + if (pp[0]) + gcry_md_write (md, pp[0], nn[0]); } else - for(i=0; i < npkey; i++ ) - { - gcry_md_write ( md, pp[i], nn[i] ); - xfree(pp[i]); - } + { + for(i=0; i < npkey; i++ ) + { + if (pp[i]) + gcry_md_write ( md, pp[i], nn[i] ); + xfree(pp[i]); + } + } } |