1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00

gpg: Fix a NULL-deref due to empty ring trust packets.

* g10/parse-packet.c (parse_trust): Always allocate a packet.
--

Reported-by: Hanno Böck <hanno@hboeck.de>
Signed-off-by: Werner Koch <wk@gnupg.org>

(back ported from commit 39978487863066e59bb657f5fe4e8baab510da7e)

[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
Werner Koch 2015-02-21 23:10:28 -05:00
parent 27d7addccf
commit 2e8db53854
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -2245,11 +2245,13 @@ parse_trust( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *pkt )
{
int c;
(void)pkttype;
pkt->pkt.ring_trust = xmalloc( sizeof *pkt->pkt.ring_trust );
if (pktlen)
{
c = iobuf_get_noeof(inp);
pktlen--;
pkt->pkt.ring_trust = xmalloc( sizeof *pkt->pkt.ring_trust );
pkt->pkt.ring_trust->trustval = c;
pkt->pkt.ring_trust->sigcache = 0;
if (!c && pktlen==1)
@ -2267,7 +2269,9 @@ parse_trust( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *pkt )
}
else
{
if( list_mode )
pkt->pkt.ring_trust->trustval = 0;
pkt->pkt.ring_trust->sigcache = 0;
if (list_mode)
fprintf (listfp, ":trust packet: empty\n");
}
iobuf_skip_rest (inp, pktlen, 0);