gpg: Fix a NULL-deref due to empty ring trust packets.

* g10/parse-packet.c (parse_trust): Always allocate a packet.
--

Reported-by: Hanno Böck <[email protected]>
Signed-off-by: Werner Koch <[email protected]>

Test data:

 gpg2 --no-default-keyring --keyring FILE --export

With this unpacked data for FILE:

-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v2
Comment: Use "gpg --dearmor" for unpacking

mI0EVNP2zQEEALvETPVDCJDBXkegF4esiV1fqlne40yJnCmJeDEJYocwFPXfFA86
sSGjInzgDbpbC9gQPwq91Qe9x3Vy81CkyVonPOejhINlzfpzqAAa3A6viJccZTwt
DJ8E/I9jg53sbYW8q+VgfLn1hlggH/XQRT0HkXMP5y9ClURYnTsNwJhXABEBAAG0
CXRlc3QgdGVzdIi5BBMBCgAjBQJU0/bNAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwEC
HgECF4AACgkQlsmuCapsqYLvtQP/byY0tM0Lc3moftbHQZ2eHj9ykLjsCjeMDfPx
kZUUtUS3HQaqgZLZOeqPjM7XgGh5hJsd9pfhmRWJ0x+iGB47XQNpRTtdLBV/WMCS
l5z3uW7e9Md7QVUVuSlJnBgQHTS6EgP8JQadPkAiF+jgpJZXP+gFs2j3gobS0qUF
eyTtxs+wAAAD
=puSt
-----END PGP ARMORED FILE-----

1 files changed, 3 insertions, 1 deletions

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 524fabee1..012d37368 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -2596,11 +2596,11 @@ parse_trust (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * pkt)
 
   (void) pkttype;
 
+  pkt->pkt.ring_trust = xmalloc (sizeof *pkt->pkt.ring_trust);
   if (pktlen)
     {
       c = iobuf_get_noeof (inp);
       pktlen--;
-      pkt->pkt.ring_trust = xmalloc (sizeof *pkt->pkt.ring_trust);
       pkt->pkt.ring_trust->trustval = c;
       pkt->pkt.ring_trust->sigcache = 0;
       if (!c && pktlen == 1)
@@ -2619,6 +2619,8 @@ parse_trust (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * pkt)
     }
   else
     {
+      pkt->pkt.ring_trust->trustval = 0;
+      pkt->pkt.ring_trust->sigcache = 0;
       if (list_mode)
 	es_fprintf (listfp, ":trust packet: empty\n");
     }