Sophie

Sophie

distrib > Mageia > 4 > x86_64 > media > core-updates-src > by-pkgid > e8168c9160b7cf86e54db4c837557044 > files > 7

gnupg2-2.0.22-3.2.mga4.src.rpm

From 7e12ec4c7d6df29a7d7935399fccd2594ebb4a7e Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 12 Feb 2015 18:52:07 +0100
Subject: [PATCH] gpg: Fix a NULL-deref due to empty ring trust packets.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

* g10/parse-packet.c (parse_trust): Always allocate a packet.
--

Reported-by: Hanno Böck <hanno@hboeck.de>
Signed-off-by: Werner Koch <wk@gnupg.org>

(back ported from commit 39978487863066e59bb657f5fe4e8baab510da7e)
---
 g10/parse-packet.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index c374477..7b379c1 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -2324,11 +2324,11 @@ parse_trust( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *pkt )
 
   (void)pkttype;
 
+  pkt->pkt.ring_trust = xmalloc( sizeof *pkt->pkt.ring_trust );
   if (pktlen)
     {
       c = iobuf_get_noeof(inp);
       pktlen--;
-      pkt->pkt.ring_trust = xmalloc( sizeof *pkt->pkt.ring_trust );
       pkt->pkt.ring_trust->trustval = c;
       pkt->pkt.ring_trust->sigcache = 0;
       if (!c && pktlen==1)
@@ -2346,8 +2346,10 @@ parse_trust( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *pkt )
     }
   else
     {
-      if( list_mode )
-	fprintf (listfp, ":trust packet: empty\n");
+      pkt->pkt.ring_trust->trustval = 0;
+      pkt->pkt.ring_trust->sigcache = 0;
+      if (list_mode)
+        fprintf (listfp, ":trust packet: empty\n");
     }
   iobuf_skip_rest (inp, pktlen, 0);
 }
-- 
2.1.4

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional