1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-17 00:39:50 +02:00

gpg: Consider that gcry_mpi_get_opaque may return NULL.

* g10/seckey-cert.c (do_check): Handle a NULL opaque MPI.
--

This patch extends b2d9d10 for secret keys.  The problem is that we
changed the semantics so that opaque MPIs may be NULL with a bit
length.  This patch is not required in GnuPG 2 because we do not use
secret keys there.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-06-02 17:41:30 +02:00
parent b2d9d105f7
commit 8a2134b8d5
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -40,7 +40,6 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
int *canceled )
{
gpg_error_t err;
byte *buffer;
u16 csum=0;
int i, res;
size_t nbytes;
@ -116,10 +115,13 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
p = gcry_mpi_get_opaque ( sk->skey[i], &ndatabits );
ndata = (ndatabits+7)/8;
if ( ndata > 1 )
if ( ndata > 1 && p )
csumc = p[ndata-2] << 8 | p[ndata-1];
data = xmalloc_secure ( ndata );
if (p)
gcry_cipher_decrypt ( cipher_hd, data, ndata, p, ndata );
else
memset (data, 0, ndata);
gcry_mpi_release (sk->skey[i]); sk->skey[i] = NULL ;
p = data;
@ -197,6 +199,12 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
assert (gcry_mpi_get_flag (sk->skey[i], GCRYMPI_FLAG_OPAQUE));
p = gcry_mpi_get_opaque (sk->skey[i], &ndatabits);
if (!p)
err = -1;
else
{
byte *buffer;
ndata = (ndatabits+7)/8;
assert (ndata >= 2);
assert (ndata == ((p[0] << 8 | p[1]) + 7)/8 + 2);
@ -212,6 +220,7 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
err = gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_PGP,
buffer, ndata, &ndata );
xfree (buffer);
}
if (err)
{
/* Checksum was okay, but not correctly