diff options
| author | Daniel Kahn Gillmor <[email protected]> | 2015-02-21 23:23:44 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2015-06-02 15:22:27 +0000 |
| commit | b2d9d105f717dc6c02ac81b5d987851279c4cd97 (patch) | |
| tree | 648fac5a138e92bedbc60ac58c4c241e20086255 | |
| parent | doc: Typo fix for "Creation-Date". (diff) | |
| download | gnupg-b2d9d105f717dc6c02ac81b5d987851279c4cd97.tar.gz gnupg-b2d9d105f717dc6c02ac81b5d987851279c4cd97.zip | |
gpg: Fix segv due to NULL value stored as opaque MPI (BRANCH 2.0)
* g10/build-packet.c (do_secret_key): Check for NULL return from
gcry_mpi_get_opaque.
* g10/keyid.c (hash_public_key): Ditto.
--
This is a backport of 76c8122adfed0f0f443cce7bda702ba2b39661b3 from
master to the STABLE-BRANCH-2-0
On the STABLE-BRANCH-2-0, we may also want to patch g10/seckey-cert.c,
but that has not been done in this patch.
This fix extends commmit 0835d2f44ef62eab51fce6a927908f544e01cf8f.
gpg2 --export --no-default-keyring --keyring TESTDATA
With TESTDATA being below after unpacking.
-----BEGIN PGP ARMORED FILE-----
mBMEhdkMmS8BcX8F//8F5voEhQAQmBMEnAAAZwAAo4D/f/8EhQAAAIAEnP8EhQAQ
iBMEnP8AAAAABf8jIID///8EhQYQmBMEnIUAEIgTBKT/AAAAAAUAACCA/f//BIUA
EJgTBJx/AP8ABPPzBJx/AP8ABPPz
=2yE0
-----END PGP ARMORED FILE-----
Reported-by: Jodie Cunningham
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
| -rw-r--r-- | g10/build-packet.c | 6 | ||||
| -rw-r--r-- | g10/keyid.c | 16 |
2 files changed, 14 insertions, 8 deletions
diff --git a/g10/build-packet.c b/g10/build-packet.c index e98698728..5cc03cf65 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -398,7 +398,8 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) assert (gcry_mpi_get_flag (sk->skey[npkey], GCRYMPI_FLAG_OPAQUE)); p = gcry_mpi_get_opaque (sk->skey[npkey], &ndatabits ); - iobuf_write (a, p, (ndatabits+7)/8 ); + if (p) + iobuf_write (a, p, (ndatabits+7)/8 ); } else if ( sk->is_protected ) { @@ -410,7 +411,8 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) assert (gcry_mpi_get_flag (sk->skey[i], GCRYMPI_FLAG_OPAQUE)); p = gcry_mpi_get_opaque (sk->skey[i], &ndatabits); - iobuf_write (a, p, (ndatabits+7)/8); + if (p) + iobuf_write (a, p, (ndatabits+7)/8); } write_16(a, sk->csum ); } diff --git a/g10/keyid.c b/g10/keyid.c index 6af0f4843..ef6ee1c11 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -115,14 +115,18 @@ hash_public_key( gcry_md_hd_t md, PKT_public_key *pk ) if(npkey==0 && pk->pkey[0] && gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE)) { - gcry_md_write (md, pp[0], nn[0]); + if (pp[0]) + gcry_md_write (md, pp[0], nn[0]); } else - for(i=0; i < npkey; i++ ) - { - gcry_md_write ( md, pp[i], nn[i] ); - xfree(pp[i]); - } + { + for(i=0; i < npkey; i++ ) + { + if (pp[i]) + gcry_md_write ( md, pp[i], nn[i] ); + xfree(pp[i]); + } + } } static gcry_md_hd_t |