diff options
| author | Werner Koch <wk@gnupg.org> | 2014-08-21 11:39:17 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2014-08-21 12:22:37 +0200 |
| commit | 18056ace7f466cb8c1eaf08e5dc0400516d83b4c (patch) | |
| tree | c9da7e759ba962071b2a961082d2c5a32326df58 /cipher/primegen.c | |
| parent | 34bb55ee36df3aca3ebca88f8b61c786cd0c0701 (diff) | |
| download | libgcrypt-18056ace7f466cb8c1eaf08e5dc0400516d83b4c.tar.gz | |
cipher: Fix possible NULL deref in call to prime generator.
* cipher/primegen.c (_gcry_generate_elg_prime): Change to return an
error code.
* cipher/dsa.c (generate): Take care of new return code.
* cipher/elgamal.c (generate): Change to return an error code. Take
care of _gcry_generate_elg_prime return code.
(generate_using_x): Take care of _gcry_generate_elg_prime return code.
(elg_generate): Propagate return code from generate.
--
GnuPG-bug-id: 1699, 1700
Reported-by: S.K. Gupta
Note that the NULL deref may have only happened on malloc failure.
Diffstat (limited to 'cipher/primegen.c')
| -rw-r--r-- | cipher/primegen.c | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/cipher/primegen.c b/cipher/primegen.c index 9f6ec705..14a5ccfe 100644 --- a/cipher/primegen.c +++ b/cipher/primegen.c @@ -726,19 +726,22 @@ prime_generate_internal (int need_q_factor, /* Generate a prime used for discrete logarithm algorithms; i.e. this - prime will be public and no strong random is required. */ -gcry_mpi_t + prime will be public and no strong random is required. On success + R_PRIME receives a new MPI with the prime. On error R_PRIME is set + to NULL and an error code is returned. If RET_FACTORS is not NULL + it is set to an allocated array of factors on success or to NULL on + error. */ +gcry_err_code_t _gcry_generate_elg_prime (int mode, unsigned pbits, unsigned qbits, - gcry_mpi_t g, gcry_mpi_t **ret_factors) + gcry_mpi_t g, + gcry_mpi_t *r_prime, gcry_mpi_t **ret_factors) { - gcry_mpi_t prime = NULL; - - if (prime_generate_internal ((mode == 1), &prime, pbits, qbits, g, - ret_factors, GCRY_WEAK_RANDOM, 0, 0, - NULL, NULL)) - prime = NULL; /* (Should be NULL in the error case anyway.) */ - - return prime; + *r_prime = NULL; + if (ret_factors) + *ret_factors = NULL; + return prime_generate_internal ((mode == 1), r_prime, pbits, qbits, g, + ret_factors, GCRY_WEAK_RANDOM, 0, 0, + NULL, NULL); } |