
A few small bugs found by a review
Closed, Resolved (Public)

Description

There are a few small bugs found by a review done by Steve Grubb. I wrote a
patch fixing these bugs.

Namely:

In gnupg-2.0.16/g10/sign.c

  • At line 871 is this: gcry_mpi_get_nbits(sk_rover->sk->skey[1])+7/8; There are missing proper parentheses.

In gnupg-2.0.16/g10/import.c

  • At line 204 is a test that fname != NULL. This test will always be false because it gets assigned "[stdin]" at line 185 if it were NULL.

In gnupg-2.0.16/g10/keygen.c

  • At line 2250 is this code: if( !amail && !acomment && !amail ). The first "amail" should have been "aname".

In gnupg-2.0.16/keyserver/gpgkeys_ldap.c

  • At line 1998 and 2378 are returns that do not free "binddn"
  • At line 1998 and 2378 are returns that do not free "bindpw"

In gnupg-2.0.16/keyserver/gpgkeys_hkp.c

  • At line 710 is a return without freeing "proxy"

In gnupg-2.0.16/keyserver/gpgkeys_curl.c

  • At line 262 is a return without freeing "proxy"

In gnupg-2.0.16/common/pka.c

  • There are multiple pointer aliasing problems.

Details

Version
2.0.16

Event Timeline

g10/sign.c: Pretty obvious error. Not really a problem because DSA
key sizes must be multiples of 8 bytes.

g10/import.c: Right. However it doesn't matter because NNAMES is 1
and thus the loop will be broken anyway. If called with an array as
input there won't be NULL in the array due to the way it gets called
(main's argc/argv). Fixed it anyway by introducing an extra
condition.

g10/keygen.c
Pretty old bug - at least 7 years.

keyserver/gpgkeys_ldap.c:
Won't fix because after an internal error return the process
terminates anyway and at the end of main a process terminates.

keyserver/gpgkeys_hkp.c
Won't fix. Same reason as above.

keyserver/gpgkeys_curl.c
Won't fix. Same reason as above.

common/pka.c
This is for the non-adns case. Applied your patch. Thanks.

Backported fixes to 1.4. g10/sign.c was not an issue there.

werner claimed this task.
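
The operator-precedence issue reported for g10/sign.c, shown as an added example (this is not GnuPG code and comes from neither the reporter nor the maintainer). The function names and the sample bit lengths are constructed for illustration; only the expression shape `x+7/8` is taken from the report.

```c
#include <stdio.h>

/* Shape of the expression quoted in the report.  In C, "/" binds tighter
   than "+", so this parses as nbits + (7/8); 7/8 is 0 in integer
   arithmetic, and the bit count comes back unchanged. */
static unsigned int len_as_written(unsigned int nbits)
{
    return nbits + 7/8;
}

/* Parenthesized form: a bit count rounded up to whole bytes. */
static unsigned int len_parenthesized(unsigned int nbits)
{
    return (nbits + 7) / 8;
}

/* Smallest bit count in [0, limit] where the two forms disagree,
   or limit + 1 if they agree over the whole range. */
static unsigned int first_mismatch(unsigned int limit)
{
    unsigned int n;

    for (n = 0; n <= limit; n++)
        if (len_as_written(n) != len_parenthesized(n))
            return n;
    return limit + 1;
}

int main(void)
{
    /* Constructed sample bit lengths, not taken from the GnuPG sources. */
    static const unsigned int sample[] = { 160, 161, 224, 256 };
    size_t i;

    for (i = 0; i < sizeof sample / sizeof sample[0]; i++)
        printf("nbits=%u  as written=%u  parenthesized=%u\n",
               sample[i], len_as_written(sample[i]),
               len_parenthesized(sample[i]));
    printf("first disagreement at nbits=%u\n", first_mismatch(4096));
    return 0;
}
```

Neither GCC nor Clang flags `x+7/8` under `-Wall`, because the expression is well-formed; a review or a unit test on the length computation is what catches it.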