security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-15 00:29:49 +02:00
Code Activity

gpg: Fix segv due to NULL value stored as opaque MPI.

Browse Source 
* g10/build-packet.c (gpg_mpi_write): Check for NULL return from
gcry_mpi_get_opaque.
(gpg_mpi_write_nohdr, do_key): Ditto.
* g10/keyid.c (hash_public_key): Ditto.
--

This fix extends commmit 0835d2f44e.

  gpg2 --export --no-default-keyring --keyring TESTDATA

With TESTDATA being below after unpacking.

-----BEGIN PGP ARMORED FILE-----

mBMEhdkMmS8BcX8F//8F5voEhQAQmBMEnAAAZwAAo4D/f/8EhQAAAIAEnP8EhQAQ
iBMEnP8AAAAABf8jIID///8EhQYQmBMEnIUAEIgTBKT/AAAAAAUAACCA/f//BIUA
EJgTBJx/AP8ABPPzBJx/AP8ABPPz
=2yE0
-----END PGP ARMORED FILE-----

Reported-by: Jodie Cunningham
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-02-19 16:29:58 +01:00
parent 07a71da479
commit 76c8122adf
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
g10/build-packet.c
View File

@ -171,7 +171,7 @@ gpg_mpi_write (iobuf_t out, gcry_mpi_t a)
lenhdr[0] = nbits >> 8; lenhdr[0] = nbits >> 8;
lenhdr[1] = nbits; lenhdr[1] = nbits;
rc = iobuf_write (out, lenhdr, 2); rc = iobuf_write (out, lenhdr, 2);
if (!rc) if (!rc && p)
rc = iobuf_write (out, p, (nbits+7)/8); rc = iobuf_write (out, p, (nbits+7)/8);
} }
else else
@ -209,7 +209,7 @@ gpg_mpi_write_nohdr (iobuf_t out, gcry_mpi_t a)
const void *p; const void *p;
p = gcry_mpi_get_opaque (a, &nbits); p = gcry_mpi_get_opaque (a, &nbits);
rc = iobuf_write (out, p, (nbits+7)/8); rc = p ? iobuf_write (out, p, (nbits+7)/8) : 0;
} }
else else
rc = gpg_error (GPG_ERR_BAD_MPI); rc = gpg_error (GPG_ERR_BAD_MPI);
@ -393,7 +393,8 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
assert (gcry_mpi_get_flag (pk->pkey[npkey], GCRYMPI_FLAG_OPAQUE)); assert (gcry_mpi_get_flag (pk->pkey[npkey], GCRYMPI_FLAG_OPAQUE));
p = gcry_mpi_get_opaque (pk->pkey[npkey], &ndatabits); p = gcry_mpi_get_opaque (pk->pkey[npkey], &ndatabits);
iobuf_write (a, p, (ndatabits+7)/8 ); if (p)
iobuf_write (a, p, (ndatabits+7)/8 );
} }
else else
{ {

21
g10/keyid.c
View File

@ -179,7 +179,10 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
p = gcry_mpi_get_opaque (pk->pkey[i], &nbits); p = gcry_mpi_get_opaque (pk->pkey[i], &nbits);
pp[i] = xmalloc ((nbits+7)/8); pp[i] = xmalloc ((nbits+7)/8);
memcpy (pp[i], p, (nbits+7)/8); if (p)
memcpy (pp[i], p, (nbits+7)/8);
else
pp[i] = NULL;
nn[i] = (nbits+7)/8; nn[i] = (nbits+7)/8;
n += nn[i]; n += nn[i];
} }
@ -214,14 +217,18 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
if(npkey==0 && pk->pkey[0] if(npkey==0 && pk->pkey[0]
&& gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE)) && gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE))
{ {
gcry_md_write (md, pp[0], nn[0]); if (pp[0])
gcry_md_write (md, pp[0], nn[0]);
} }
else else
for(i=0; i < npkey; i++ ) {
{ for(i=0; i < npkey; i++ )
gcry_md_write ( md, pp[i], nn[i] ); {
xfree(pp[i]); if (pp[i])
} gcry_md_write ( md, pp[i], nn[i] );
xfree(pp[i]);
}
}
} }