From 69767ccf4218d0dc5ef2d7e141be0f14c88fea59 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 24 Nov 2014 19:32:47 +0100
Subject: gpg: Fix a NULL-deref for invalid input data.

* g10/mainproc.c (proc_encrypted): Take care of canceled passpharse
entry.
--

GnuPG-bug-id: 1761
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 32e85668b82f6fbcb824eea9548970804fb41d9e)
---
 g10/mainproc.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/g10/mainproc.c b/g10/mainproc.c
index d355a21c5..15baefed6 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -540,7 +540,9 @@ proc_encrypted( CTX c, PACKET *pkt )
 	result = -1;
     else if( !c->dek && !c->last_was_session_key ) {
         int algo;
-        STRING2KEY s2kbuf, *s2k = NULL;
+        STRING2KEY s2kbuf;
+        STRING2KEY *s2k = NULL;
+        int canceled;
 
 	if(opt.override_session_key)
 	  {
@@ -580,9 +582,13 @@ proc_encrypted( CTX c, PACKET *pkt )
 		log_info (_("assuming %s encrypted data\n"), "IDEA");
 	      }
 
-	    c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 0, NULL, NULL );
+	    c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 0, NULL,&canceled);
 	    if (c->dek)
 	      c->dek->algo_info_printed = 1;
+            else if (canceled)
+              result = G10ERR_CANCELED;
+            else
+              result = G10ERR_PASSPHRASE;
 	  }
     }
     else if( !c->dek )
-- 
cgit v1.2.3