security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-08 12:44:23 +01:00
Code Activity

Protect against NULL return of mpi_get_opaque.

Browse Source 
* g10/seckey-cert.c (do_check): Call BUG for NULL return of
get_opaque.
--

This is the suggested addition from commit 6f03218.  We better run
into an fatal error than into a segv.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-02-23 11:04:35 +01:00
parent 6f032181ba
commit e0c13ad5f2
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
g10/seckey-cert.c
View File

@ -91,8 +91,12 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
u16 csumc = 0; u16 csumc = 0;
i = pubkey_get_npkey(sk->pubkey_algo); i = pubkey_get_npkey(sk->pubkey_algo);
assert( mpi_is_opaque( sk->skey[i] ) ); if (!mpi_is_opaque (sk->skey[i]))
p = mpi_get_opaque( sk->skey[i], &ndata ); p = NULL;
else
p = mpi_get_opaque (sk->skey[i], &ndata);
if (!p)
BUG ();
if ( ndata > 1 ) if ( ndata > 1 )
csumc = p[ndata-2] << 8 | p[ndata-1]; csumc = p[ndata-2] << 8 | p[ndata-1];
data = xmalloc_secure( ndata ); data = xmalloc_secure( ndata );
@ -169,9 +173,12 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
byte *p; byte *p;
unsigned int ndata; unsigned int ndata;
assert (mpi_is_opaque (sk->skey[i])); if (!mpi_is_opaque (sk->skey[i]))
p = mpi_get_opaque (sk->skey[i], &ndata); p = NULL;
assert (ndata >= 2); else
p = mpi_get_opaque (sk->skey[i], &ndata);
if (!p || !(ndata >= 2))
BUG ();
assert (ndata == ((p[0] << 8 | p[1]) + 7)/8 + 2); assert (ndata == ((p[0] << 8 | p[1]) + 7)/8 + 2);
buffer = xmalloc_secure (ndata); buffer = xmalloc_secure (ndata);
cipher_sync (cipher_hd); cipher_sync (cipher_hd);