mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
gpg: Fix segv due to NULL value stored as opaque MPI (BRANCH 2.0)
* g10/build-packet.c (do_secret_key): Check for NULL return from gcry_mpi_get_opaque. * g10/keyid.c (hash_public_key): Ditto. -- This is a backport of 76c8122adfed0f0f443cce7bda702ba2b39661b3 from master to the STABLE-BRANCH-2-0 On the STABLE-BRANCH-2-0, we may also want to patch g10/seckey-cert.c, but that has not been done in this patch. This fix extends commmit 0835d2f44ef62eab51fce6a927908f544e01cf8f. gpg2 --export --no-default-keyring --keyring TESTDATA With TESTDATA being below after unpacking. -----BEGIN PGP ARMORED FILE----- mBMEhdkMmS8BcX8F//8F5voEhQAQmBMEnAAAZwAAo4D/f/8EhQAAAIAEnP8EhQAQ iBMEnP8AAAAABf8jIID///8EhQYQmBMEnIUAEIgTBKT/AAAAAAUAACCA/f//BIUA EJgTBJx/AP8ABPPzBJx/AP8ABPPz =2yE0 -----END PGP ARMORED FILE----- Reported-by: Jodie Cunningham Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
parent
9dcf345a84
commit
b2d9d105f7
@ -398,6 +398,7 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
|
|||||||
|
|
||||||
assert (gcry_mpi_get_flag (sk->skey[npkey], GCRYMPI_FLAG_OPAQUE));
|
assert (gcry_mpi_get_flag (sk->skey[npkey], GCRYMPI_FLAG_OPAQUE));
|
||||||
p = gcry_mpi_get_opaque (sk->skey[npkey], &ndatabits );
|
p = gcry_mpi_get_opaque (sk->skey[npkey], &ndatabits );
|
||||||
|
if (p)
|
||||||
iobuf_write (a, p, (ndatabits+7)/8 );
|
iobuf_write (a, p, (ndatabits+7)/8 );
|
||||||
}
|
}
|
||||||
else if ( sk->is_protected )
|
else if ( sk->is_protected )
|
||||||
@ -410,6 +411,7 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
|
|||||||
|
|
||||||
assert (gcry_mpi_get_flag (sk->skey[i], GCRYMPI_FLAG_OPAQUE));
|
assert (gcry_mpi_get_flag (sk->skey[i], GCRYMPI_FLAG_OPAQUE));
|
||||||
p = gcry_mpi_get_opaque (sk->skey[i], &ndatabits);
|
p = gcry_mpi_get_opaque (sk->skey[i], &ndatabits);
|
||||||
|
if (p)
|
||||||
iobuf_write (a, p, (ndatabits+7)/8);
|
iobuf_write (a, p, (ndatabits+7)/8);
|
||||||
}
|
}
|
||||||
write_16(a, sk->csum );
|
write_16(a, sk->csum );
|
||||||
|
@ -115,15 +115,19 @@ hash_public_key( gcry_md_hd_t md, PKT_public_key *pk )
|
|||||||
if(npkey==0 && pk->pkey[0]
|
if(npkey==0 && pk->pkey[0]
|
||||||
&& gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE))
|
&& gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE))
|
||||||
{
|
{
|
||||||
|
if (pp[0])
|
||||||
gcry_md_write (md, pp[0], nn[0]);
|
gcry_md_write (md, pp[0], nn[0]);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
{
|
||||||
for(i=0; i < npkey; i++ )
|
for(i=0; i < npkey; i++ )
|
||||||
{
|
{
|
||||||
|
if (pp[i])
|
||||||
gcry_md_write ( md, pp[i], nn[i] );
|
gcry_md_write ( md, pp[i], nn[i] );
|
||||||
xfree(pp[i]);
|
xfree(pp[i]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
static gcry_md_hd_t
|
static gcry_md_hd_t
|
||||||
do_fingerprint_md( PKT_public_key *pk )
|
do_fingerprint_md( PKT_public_key *pk )
|
||||||
|
Loading…
x
Reference in New Issue
Block a user