security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-05-24 16:43:28 +02:00
Code Activity

gpg: Avoid NULL-deref in default key listing.

Browse Source 
* g10/keyid.c (hash_public_key): Take care of NULL keys.
* g10/misc.c (pubkey_nbits): Ditto.
--

This problem was mainly due to our ECC code while checking for opaque
MPIs with the curve name.
This commit is contained in:
Werner Koch 2014-06-02 19:51:23 +02:00
parent f3249b1c4d
commit 958e5f292f
2 changed files with 50 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
g10/keyid.c
View File

@ -167,7 +167,15 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
{ {
for (i=0; i < npkey; i++ ) for (i=0; i < npkey; i++ )
{ {
if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE)) if (!pk->pkey[i])
{
/* This case may only happen if the parsing of the MPI
failed but the key was anyway created. May happen
during "gpg KEYFILE". */
pp[i] = NULL;
nn[i] = 0;
}
else if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE))
{ {
const void *p; const void *p;

18
g10/misc.c
View File

@ -1631,23 +1631,31 @@ pubkey_nbits( int algo, gcry_mpi_t *key )
int rc, nbits; int rc, nbits;
gcry_sexp_t sexp; gcry_sexp_t sexp;
if( algo == PUBKEY_ALGO_DSA ) { if (algo == PUBKEY_ALGO_DSA
&& key[0] && key[1] && key[2] && key[3])
{
rc = gcry_sexp_build (&sexp, NULL, rc = gcry_sexp_build (&sexp, NULL,
"(public-key(dsa(p%m)(q%m)(g%m)(y%m)))", "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
key[0], key[1], key[2], key[3] ); key[0], key[1], key[2], key[3] );
} }
else if( algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E ) { else if ((algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E)
&& key[0] && key[1] && key[2])
{
rc = gcry_sexp_build (&sexp, NULL, rc = gcry_sexp_build (&sexp, NULL,
"(public-key(elg(p%m)(g%m)(y%m)))", "(public-key(elg(p%m)(g%m)(y%m)))",
key[0], key[1], key[2] ); key[0], key[1], key[2] );
} }
else if( is_RSA (algo) ) { else if (is_RSA (algo)
&& key[0] && key[1])
{
rc = gcry_sexp_build (&sexp, NULL, rc = gcry_sexp_build (&sexp, NULL,
"(public-key(rsa(n%m)(e%m)))", "(public-key(rsa(n%m)(e%m)))",
key[0], key[1] ); key[0], key[1] );
} }
else if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_ECDH else if ((algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_ECDH
|| algo == PUBKEY_ALGO_EDDSA) { || algo == PUBKEY_ALGO_EDDSA)
&& key[0] && key[1])
{
char *curve = openpgp_oid_to_str (key[0]); char *curve = openpgp_oid_to_str (key[0]);
if (!curve) if (!curve)
rc = gpg_error_from_syserror (); rc = gpg_error_from_syserror ();