author | Werner Koch <wk@gnupg.org> | 2014-08-21 14:12:55 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2014-08-21 14:14:25 +0200 |
commit | e606d5f1bada1f2d21faeedd3fa2cf2dca7b274c (patch) | |
tree | b2f21e4d565b0b7fc8ebb23afa718cd78fcda47e /src/sexp.c | |
parent | f850add813d783f31ca6a60459dea25ef71bce7e (diff) | |
sexp: Check args of gcry_sexp_build.
* src/sexp.c (do_vsexp_sscan): Return error for invalid args.
--
This helps to avoid usage errors by passing NULL for the return
variable and the format string.
Diffstat (limited to 'src/sexp.c')
-rw-r--r-- | src/sexp.c | 11 |
1 files changed, 8 insertions, 3 deletions
@@ -1119,6 +1119,13 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
 int arg_counter = 0;
 int level = 0;
+ if (!retsexp)
+ return GPG_ERR_INV_ARG;
+ *retsexp = NULL;
+
+ if (!buffer)
+ return GPG_ERR_INV_ARG;
+
 if (!erroff)
 erroff = &dummy_erroff;
@@ -1160,7 +1167,7 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
 the provided one. However, we add space for one extra datalen so that the code which does the ST_CLOSE can use MAKE_SPACE */
 c.allocated = length + sizeof(DATALEN);
- if (buffer && length && _gcry_is_secure (buffer))
+ if (length && _gcry_is_secure (buffer))
 c.sexp = xtrymalloc_secure (sizeof *c.sexp + c.allocated - 1);
 else
 c.sexp = xtrymalloc (sizeof *c.sexp + c.allocated - 1);
@@ -1682,8 +1689,6 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
 wipememory (c.sexp, sizeof (struct gcry_sexp) + c.allocated - 1);
 xfree (c.sexp);
 }
- /* This might be expected by existing code... */
- *retsexp = NULL;
 }
 else
 *retsexp = normalize (c.sexp); |
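Review bot: In the first hunk (@@ -1119) the two new `return GPG_ERR_INV_ARG;` paths run before the `if (!erroff) erroff = &dummy_erroff;` normalisation, so a caller-supplied `erroff` is left unwritten when `retsexp` or `buffer` is NULL. Whether callers read the offset on failure is not visible here, but if they do they would see an indeterminate value; moving the `erroff` defaulting above the checks and adding `*erroff = 0;` would make every error return uniform. The up-front `*retsexp = NULL;` also takes over the contract that the comment deleted in the last hunk used to describe, so it deserves a comment such as `/* Make sure *RETSEXP is NULL on every error return.  */`. Rejecting a NULL `buffer` even when `length` is 0 looks like a behaviour change for existing callers and may be worth a line in the API documentation. The body of do_vsexp_sscan starts and ends outside the hunk.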
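Review bot: In the second hunk (@@ -1160) dropping the `buffer &&` test leaves `_gcry_is_secure (buffer)` safe only because of the `if (!buffer)` guard added in the first hunk, and nothing at this site says so. This branch decides whether the parsed expression is placed in secure memory, so a comment such as `/* BUFFER is never NULL here; it is checked at function entry.  */` would stop a later change to the entry checks from silently breaking it. Separately, the context line `c.allocated = length + sizeof(DATALEN);` feeds both allocation calls without a wrap-around check; whether callers bound `length` is not visible in this hunk. The enclosing function continues outside the hunk on both sides.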