aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWerner Koch <[email protected]>2015-02-22 04:10:28 +0000
committerWerner Koch <[email protected]>2015-02-23 09:45:08 +0000
commit2e8db53854506572e9d5b5908e143b5ca28f30f5 (patch)
tree7950775b7f92bf372f8338ba0a570c931847bc2d
parentgpg: Limit the size of key packets to a sensible value. (diff)
downloadgnupg-2e8db53854506572e9d5b5908e143b5ca28f30f5.tar.gz
gnupg-2e8db53854506572e9d5b5908e143b5ca28f30f5.zip
gpg: Fix a NULL-deref due to empty ring trust packets.
* g10/parse-packet.c (parse_trust): Always allocate a packet. -- Reported-by: Hanno Böck <[email protected]> Signed-off-by: Werner Koch <[email protected]> (back ported from commit 39978487863066e59bb657f5fe4e8baab510da7e) [dkg: rebased to STABLE-BRANCH-1-4] Signed-off-by: Daniel Kahn Gillmor <[email protected]>
Diffstat
-rw-r--r--g10/parse-packet.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index c0b6ad6d8..e7e923b78 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -2245,11 +2245,13 @@ parse_trust( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *pkt )
{
int c;
+ (void)pkttype;
+
+ pkt->pkt.ring_trust = xmalloc( sizeof *pkt->pkt.ring_trust );
if (pktlen)
{
c = iobuf_get_noeof(inp);
pktlen--;
- pkt->pkt.ring_trust = xmalloc( sizeof *pkt->pkt.ring_trust );
pkt->pkt.ring_trust->trustval = c;
pkt->pkt.ring_trust->sigcache = 0;
if (!c && pktlen==1)
@@ -2267,8 +2269,10 @@ parse_trust( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *pkt )
}
else
{
- if( list_mode )
- fprintf (listfp, ":trust packet: empty\n");
+ pkt->pkt.ring_trust->trustval = 0;
+ pkt->pkt.ring_trust->sigcache = 0;
+ if (list_mode)
+ fprintf (listfp, ":trust packet: empty\n");
}
iobuf_skip_rest (inp, pktlen, 0);
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-16 19:19:54 +0000