k_f 15/04/13 17:45:00 Added: gnupg-2.1.3-gpg-fix-null-segv.patch Log: Add fix for NULL-segv due to invalid imported data, reported by Hanno Böck. (Portage version: 2.2.14/cvs/Linux x86_64, signed Manifest commit with key 0xFED5002857C1ABFA!)
Revision Changes Path 1.1 app-crypt/gnupg/files/gnupg-2.1.3-gpg-fix-null-segv.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/gnupg/files/gnupg-2.1.3-gpg-fix-null-segv.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/gnupg/files/gnupg-2.1.3-gpg-fix-null-segv.patch?rev=1.1&content-type=text/plain Index: gnupg-2.1.3-gpg-fix-null-segv.patch =================================================================== >From 25fce93ba19d997e234a674d5cc98df82c5b5496 Mon Sep 17 00:00:00 2001 From: Werner Koch <[email protected]> Date: Mon, 13 Apr 2015 11:44:10 +0200 Subject: [PATCH] gpg: Fix NULL-segv due to invalid imported data. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit * g10/free-packet.c (my_mpi_copy): New. (copy_public_key, copy_signature): Use instead of mpi_copy. -- Reported-by: Hanno Böck Signed-off-by: Werner Koch <[email protected]> --- g10/free-packet.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/g10/free-packet.c b/g10/free-packet.c index 99e7404..49d54f4 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c @@ -31,6 +31,20 @@ #include "options.h" +/* This is mpi_copy with a fix for opaque MPIs which store a NULL + pointer. This will also be fixed in Libggcrypt 1.7.0. */ +static gcry_mpi_t +my_mpi_copy (gcry_mpi_t a) +{ + if (a + && gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE) + && !gcry_mpi_get_opaque (a, NULL)) + return NULL; + + return gcry_mpi_copy (a); +} + + void free_symkey_enc( PKT_symkey_enc *enc ) { @@ -190,11 +204,11 @@ copy_public_key (PKT_public_key *d, PKT_public_key *s) n = pubkey_get_npkey (s->pubkey_algo); i = 0; if (!n) - d->pkey[i++] = mpi_copy (s->pkey[0]); + d->pkey[i++] = my_mpi_copy (s->pkey[0]); else { for (; i < n; i++ ) - d->pkey[i] = mpi_copy( s->pkey[i] ); + d->pkey[i] = my_mpi_copy (s->pkey[i]); } for (; i < PUBKEY_MAX_NSKEY; i++) d->pkey[i] = NULL; @@ -237,10 +251,10 @@ copy_signature( PKT_signature *d, PKT_signature *s ) memcpy( d, s, sizeof *d ); n = pubkey_get_nsig( s->pubkey_algo ); if( !n ) - d->data[0] = mpi_copy(s->data[0]); + d->data[0] = my_mpi_copy(s->data[0]); else { for(i=0; i < n; i++ ) - d->data[i] = mpi_copy( s->data[i] ); + d->data[i] = my_mpi_copy( s->data[i] ); } d->pka_info = s->pka_info? cp_pka_info (s->pka_info) : NULL; d->hashed = cp_subpktarea (s->hashed); -- 2.1.4
