From 7e12ec4c7d6df29a7d7935399fccd2594ebb4a7e Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 12 Feb 2015 18:52:07 +0100
Subject: [PATCH] gpg: Fix a NULL-deref due to empty ring trust packets.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
* g10/parse-packet.c (parse_trust): Always allocate a packet.
--
Reported-by: Hanno Böck <hanno@hboeck.de>
Signed-off-by: Werner Koch <wk@gnupg.org>
(back ported from commit 39978487863066e59bb657f5fe4e8baab510da7e)
---
 g10/parse-packet.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index c374477..7b379c1 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -2324,11 +2324,11 @@ parse_trust( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *pkt )
 (void)pkttype;
+ pkt->pkt.ring_trust = xmalloc( sizeof *pkt->pkt.ring_trust );
 if (pktlen)
 {
 c = iobuf_get_noeof(inp);
 pktlen--;
- pkt->pkt.ring_trust = xmalloc( sizeof *pkt->pkt.ring_trust );
 pkt->pkt.ring_trust->trustval = c;
 pkt->pkt.ring_trust->sigcache = 0;
 if (!c && pktlen==1)
@@ -2346,8 +2346,10 @@ parse_trust( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *pkt )
 }
 else
 {
- if( list_mode )
- fprintf (listfp, ":trust packet: empty\n");
+ pkt->pkt.ring_trust->trustval = 0;
+ pkt->pkt.ring_trust->sigcache = 0;
+ if (list_mode)
+ fprintf (listfp, ":trust packet: empty\n");
 }
 iobuf_skip_rest (inp, pktlen, 0);
 }
-- 
2.1.4
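Review bot: In the first hunk (@@ -2324,11 +2324,11 @@) the ring_trust struct is now obtained with `xmalloc` ahead of the `if (pktlen)` test, so it stays uninitialised until each branch assigns `trustval` and `sigcache` by hand. Allocating it zeroed, `pkt->pkt.ring_trust = xmalloc_clear( sizeof *pkt->pkt.ring_trust );`, would make the zero default hold on every path, including for any field added to the struct later. The two assignments in the empty-packet branch would then be unnecessary. parse_trust begins before this hunk and continues past `if (!c && pktlen==1)`, so the struct's full field list and the remaining reads are not visible here.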
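Review bot: In the second hunk (@@ -2346,8 +2346,10 @@) the `else` branch fills in a struct for a zero-length packet without saying why, which makes the two assignments look removable to a later cleanup. A comment such as `/* Empty trust packet: still return a zeroed ring_trust; per the commit subject, a NULL here was dereferenced later. */` above them would record the reason. The diffstat lists only g10/parse-packet.c, so no regression input with a zero-length trust packet appears to accompany the fix. Adding one to the test suite would pin the behaviour for this parser path, which handles untrusted keyring data.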