common: Make openpgp_oid_to_str more robust.

* common/openpgp-oid.c (openpgp_oid_to_str): Take care of gcry_mpi_get_opaque returning NULL. Remove useless condition !BUF. -- It is possible that an opaque MPI stores just a NULL pointer. Take care of that before incrementing the pointer. We return an error in this case because at least a length byte is required. Found due to hint from stack 0.3: bug: anti-simplify model: | %tobool15 = icmp ne i8* %incdec.ptr, null, !dbg !567 --> true stack: - /home/wk/s/gnupg/common/openpgp-oid.c:220:0 ncore: 1 core: - /home/wk/s/gnupg/common/openpgp-oid.c:212:0 - pointer overflow Signed-off-by: Werner Koch <wk@gnupg.org>
2025-01-02 12:01:32 +01:00 · 2015-03-15 12:07:21 +01:00 · 2015-03-15 12:07:21 +01:00 · 35db798c2d
commit 35db798c2d
parent efde50f92a
1 changed files with 4 additions and 2 deletions
--- a/common/openpgp-oid.c
+++ b/common/openpgp-oid.c
@ -192,7 +192,9 @@ openpgp_oid_to_str (gcry_mpi_t a)

  valmask = (unsigned long)0xfe << (8 * (sizeof (valmask) - 1));

-  if (!a || !gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
+  if (!a
+      || !gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE)
+      || !(buf = gcry_mpi_get_opaque (a, &lengthi)))
    {
      gpg_err_set_errno (EINVAL);
      return NULL;
@ -217,7 +219,7 @@ openpgp_oid_to_str (gcry_mpi_t a)
  string = p = xtrymalloc (length*(1+3)+2+1);
  if (!string)
    return NULL;
-  if (!buf || !length)
+  if (!length)
    {
      *p = 0;
      return string;