1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-26 22:29:58 +01:00

Fix crash while reading unsupported ssh keys.

This bug was found by n-roeser at gmx.net
(gnupg-devel@, msgid 4DFC7298.4040509@gmx.net).
This commit is contained in:
Werner Koch 2011-07-22 09:40:51 +02:00
parent 68fb27e7f0
commit 5a4071a273
2 changed files with 73 additions and 73 deletions

View File

@ -1,3 +1,8 @@
2011-07-22 Werner Koch <wk@g10code.com>
* command-ssh.c (ssh_receive_key): Do not init comment to an empty
static string; in the error case it would be freed.
2011-04-29 Werner Koch <wk@g10code.com>
* gpg-agent.c: Include estream.h

View File

@ -1351,17 +1351,13 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
int read_comment, ssh_key_type_spec_t *key_spec)
{
gpg_error_t err;
char *key_type;
char *comment;
gcry_sexp_t key;
char *key_type = NULL;
char *comment = NULL;
gcry_sexp_t key = NULL;
ssh_key_type_spec_t spec;
gcry_mpi_t *mpi_list;
gcry_mpi_t *mpi_list = NULL;
const char *elems;
mpi_list = NULL;
key_type = NULL;
comment = "";
key = NULL;
err = stream_read_cstring (stream, &key_type);
if (err)
@ -1394,7 +1390,7 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
goto out;
}
err = sexp_key_construct (&key, spec, secret, mpi_list, comment);
err = sexp_key_construct (&key, spec, secret, mpi_list, comment? comment:"");
if (err)
goto out;
@ -1406,8 +1402,7 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
mpint_list_free (mpi_list);
xfree (key_type);
if (read_comment)
xfree (comment);
xfree (comment);
return err;
}