diff options
| author | Werner Koch <wk@gnupg.org> | 2014-08-21 11:39:17 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2014-08-21 12:22:37 +0200 |
| commit | 18056ace7f466cb8c1eaf08e5dc0400516d83b4c (patch) | |
| tree | c9da7e759ba962071b2a961082d2c5a32326df58 /cipher/dsa.c | |
| parent | 34bb55ee36df3aca3ebca88f8b61c786cd0c0701 (diff) | |
| download | libgcrypt-18056ace7f466cb8c1eaf08e5dc0400516d83b4c.tar.gz | |
cipher: Fix possible NULL deref in call to prime generator.
* cipher/primegen.c (_gcry_generate_elg_prime): Change to return an
error code.
* cipher/dsa.c (generate): Take care of new return code.
* cipher/elgamal.c (generate): Change to return an error code. Take
care of _gcry_generate_elg_prime return code.
(generate_using_x): Take care of _gcry_generate_elg_prime return code.
(elg_generate): Propagate return code from generate.
--
GnuPG-bug-id: 1699, 1700
Reported-by: S.K. Gupta
Note that the NULL deref may have only happened on malloc failure.
Diffstat (limited to 'cipher/dsa.c')
| -rw-r--r-- | cipher/dsa.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/cipher/dsa.c b/cipher/dsa.c index 1707d8cf..09cd9693 100644 --- a/cipher/dsa.c +++ b/cipher/dsa.c @@ -196,6 +196,7 @@ static gpg_err_code_t generate (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, int transient_key, dsa_domain_t *domain, gcry_mpi_t **ret_factors ) { + gpg_err_code_t rc; gcry_mpi_t p; /* the prime */ gcry_mpi_t q; /* the 160 bit prime factor */ gcry_mpi_t g; /* the generator */ @@ -247,7 +248,10 @@ generate (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, else { /* Generate new domain parameters. */ - p = _gcry_generate_elg_prime (1, nbits, qbits, NULL, ret_factors); + rc = _gcry_generate_elg_prime (1, nbits, qbits, NULL, &p, ret_factors); + if (rc) + return rc; + /* Get q out of factors. */ q = mpi_copy ((*ret_factors)[0]); gcry_assert (mpi_get_nbits (q) == qbits); |