security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

sm: Fix possible NULL deref in error messages of --gen-key. 

* sm/certreqgen.c: Protect printing the line numbers in case of !R.
--

GnuPG-bug-id: 4895
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2020-03-30 17:16:30 +02:00
parent 1424c12e4c
commit 2b4b0b1223
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 22 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
sm/certreqgen.c
View File

@ -198,7 +198,7 @@ parse_parameter_usage (struct para_data_s *para, enum para_name key)
use |= GCRY_PK_USAGE_CERT; use |= GCRY_PK_USAGE_CERT;
else else
{ {
log_error ("line %d: invalid usage list\n", r->lnr); log_error ("line %d: invalid usage list\n", r?r->lnr:0);
return -1; /* error */ return -1; /* error */
} }
} }
@ -461,7 +461,10 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
if ( (i < 1 || i != GCRY_PK_RSA) && !cardkeyid ) if ( (i < 1 || i != GCRY_PK_RSA) && !cardkeyid )
{ {
r = get_parameter (para, pKEYTYPE, 0); r = get_parameter (para, pKEYTYPE, 0);
log_error (_("line %d: invalid algorithm\n"), r->lnr); if (r)
log_error (_("line %d: invalid algorithm\n"), r?r->lnr:0);
else
log_error ("No Key-Type specified\n");
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
@ -476,7 +479,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
/* The BSI specs dated 2002-11-25 don't allow lengths below 1024. */ /* The BSI specs dated 2002-11-25 don't allow lengths below 1024. */
r = get_parameter (para, pKEYLENGTH, 0); r = get_parameter (para, pKEYLENGTH, 0);
log_error (_("line %d: invalid key length %u (valid are %d to %d)\n"), log_error (_("line %d: invalid key length %u (valid are %d to %d)\n"),
r->lnr, nbits, 1024, 4096); r?r->lnr:0, nbits, 1024, 4096);
xfree (cardkeyid); xfree (cardkeyid);
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
@ -493,7 +496,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
if (!(s=get_parameter_value (para, pNAMEDN, 0))) if (!(s=get_parameter_value (para, pNAMEDN, 0)))
{ {
r = get_parameter (para, pNAMEDN, 0); r = get_parameter (para, pNAMEDN, 0);
log_error (_("line %d: no subject name given\n"), r->lnr); log_error (_("line %d: no subject name given\n"), r?r->lnr:0);
xfree (cardkeyid); xfree (cardkeyid);
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
@ -503,10 +506,10 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
r = get_parameter (para, pNAMEDN, 0); r = get_parameter (para, pNAMEDN, 0);
if (gpg_err_code (err) == GPG_ERR_UNKNOWN_NAME) if (gpg_err_code (err) == GPG_ERR_UNKNOWN_NAME)
log_error (_("line %d: invalid subject name label '%.*s'\n"), log_error (_("line %d: invalid subject name label '%.*s'\n"),
r->lnr, (int)errlen, s+erroff); r?r->lnr:0, (int)errlen, s+erroff);
else else
log_error (_("line %d: invalid subject name '%s' at pos %d\n"), log_error (_("line %d: invalid subject name '%s' at pos %d\n"),
r->lnr, s, (int)erroff); r?r->lnr:0, s, (int)erroff);
xfree (cardkeyid); xfree (cardkeyid);
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
@ -522,7 +525,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
|| strstr(s, "..")) || strstr(s, ".."))
{ {
r = get_parameter (para, pNAMEEMAIL, seq); r = get_parameter (para, pNAMEEMAIL, seq);
log_error (_("line %d: not a valid email address\n"), r->lnr); log_error (_("line %d: not a valid email address\n"), r?r->lnr:0);
xfree (cardkeyid); xfree (cardkeyid);
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
@ -541,7 +544,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
if (*s) if (*s)
{ {
r = get_parameter (para, pSERIAL, 0); r = get_parameter (para, pSERIAL, 0);
log_error (_("line %d: invalid serial number\n"), r->lnr); log_error (_("line %d: invalid serial number\n"), r?r->lnr:0);
xfree (cardkeyid); xfree (cardkeyid);
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
@ -558,10 +561,10 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
r = get_parameter (para, pISSUERDN, 0); r = get_parameter (para, pISSUERDN, 0);
if (gpg_err_code (err) == GPG_ERR_UNKNOWN_NAME) if (gpg_err_code (err) == GPG_ERR_UNKNOWN_NAME)
log_error (_("line %d: invalid issuer name label '%.*s'\n"), log_error (_("line %d: invalid issuer name label '%.*s'\n"),
r->lnr, (int)errlen, string+erroff); r?r->lnr:0, (int)errlen, string+erroff);
else else
log_error (_("line %d: invalid issuer name '%s' at pos %d\n"), log_error (_("line %d: invalid issuer name '%s' at pos %d\n"),
r->lnr, string, (int)erroff); r?r->lnr:0, string, (int)erroff);
xfree (cardkeyid); xfree (cardkeyid);
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
@ -572,7 +575,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
if (string && !string2isotime (NULL, string)) if (string && !string2isotime (NULL, string))
{ {
r = get_parameter (para, pNOTBEFORE, 0); r = get_parameter (para, pNOTBEFORE, 0);
log_error (_("line %d: invalid date given\n"), r->lnr); log_error (_("line %d: invalid date given\n"), r?r->lnr:0);
xfree (cardkeyid); xfree (cardkeyid);
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
@ -583,7 +586,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
if (string && !string2isotime (NULL, string)) if (string && !string2isotime (NULL, string))
{ {
r = get_parameter (para, pNOTAFTER, 0); r = get_parameter (para, pNOTAFTER, 0);
log_error (_("line %d: invalid date given\n"), r->lnr); log_error (_("line %d: invalid date given\n"), r?r->lnr:0);
xfree (cardkeyid); xfree (cardkeyid);
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
@ -597,7 +600,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
{ {
r = get_parameter (para, pKEYTYPE, 0); r = get_parameter (para, pKEYTYPE, 0);
log_error (_("line %d: error getting signing key by keygrip '%s'" log_error (_("line %d: error getting signing key by keygrip '%s'"
": %s\n"), r->lnr, s, gpg_strerror (rc)); ": %s\n"), r?r->lnr:0, s, gpg_strerror (rc));
xfree (cardkeyid); xfree (cardkeyid);
return rc; return rc;
} }
@ -615,7 +618,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
|| mdalgo == GCRY_MD_SHA512))) || mdalgo == GCRY_MD_SHA512)))
{ {
r = get_parameter (para, pHASHALGO, 0); r = get_parameter (para, pHASHALGO, 0);
log_error (_("line %d: invalid hash algorithm given\n"), r->lnr); log_error (_("line %d: invalid hash algorithm given\n"), r?r->lnr:0);
xfree (cardkeyid); xfree (cardkeyid);
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
@ -630,7 +633,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
if (*s || (i&1)) if (*s || (i&1))
{ {
r = get_parameter (para, pAUTHKEYID, 0); r = get_parameter (para, pAUTHKEYID, 0);
log_error (_("line %d: invalid authority-key-id\n"), r->lnr); log_error (_("line %d: invalid authority-key-id\n"), r?r->lnr:0);
xfree (cardkeyid); xfree (cardkeyid);
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
@ -645,7 +648,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
if (*s || (i&1)) if (*s || (i&1))
{ {
r = get_parameter (para, pSUBJKEYID, 0); r = get_parameter (para, pSUBJKEYID, 0);
log_error (_("line %d: invalid subject-key-id\n"), r->lnr); log_error (_("line %d: invalid subject-key-id\n"), r?r->lnr:0);
xfree (cardkeyid); xfree (cardkeyid);
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
@ -683,7 +686,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
if (!okay) if (!okay)
{ {
r = get_parameter (para, pEXTENSION, seq); r = get_parameter (para, pEXTENSION, seq);
log_error (_("line %d: invalid extension syntax\n"), r->lnr); log_error (_("line %d: invalid extension syntax\n"), r? r->lnr:0);
xfree (cardkeyid); xfree (cardkeyid);
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
@ -697,7 +700,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
{ {
r = get_parameter (para, pKEYTYPE, 0); r = get_parameter (para, pKEYTYPE, 0);
log_error (_("line %d: error reading key '%s' from card: %s\n"), log_error (_("line %d: error reading key '%s' from card: %s\n"),
r->lnr, cardkeyid, gpg_strerror (rc)); r?r->lnr:0, cardkeyid, gpg_strerror (rc));
xfree (sigkey); xfree (sigkey);
xfree (cardkeyid); xfree (cardkeyid);
return rc; return rc;
@ -727,7 +730,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
{ {
r = get_parameter (para, pKEYTYPE, 0); r = get_parameter (para, pKEYTYPE, 0);
log_error (_("line %d: key generation failed: %s <%s>\n"), log_error (_("line %d: key generation failed: %s <%s>\n"),
r->lnr, gpg_strerror (rc), gpg_strsource (rc)); r?r->lnr:0, gpg_strerror (rc), gpg_strsource (rc));
xfree (sigkey); xfree (sigkey);
xfree (cardkeyid); xfree (cardkeyid);
return rc; return rc;