Wrong if conditional check may lead to dereferencing of a NULL pointer in file cipher/md.c on line 1267
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	sacrishi
	Aug 20 2014, 2:25 PM

Description

File : cipher/md.c
Line number in the above file where erroneous code is :1267

Libgcrypt version 1.5.4 code:

if ( !buffer || (nbytes && (*nbytes != sizeof (int))))

    rc = GPG_ERR_INV_ARG;
  else
    {
      algo = *(int*)buffer;

      *nbytes = 0;

-> Here in the above if conditional check if buffer is not NULL and nbytes is
NULL then the code flow goes to else section where nbytes ,though being NULL, is
dereferenced which is an error, so the code should be modified.

Recommended code:

if ( !buffer || !nbytes || (*nbytes != sizeof (int)))

  err = GPG_ERR_INV_ARG;
else
  {

Details

Version: 1.5.4

Event Timeline

460_md.c34 KBDownload

sacrishi added projects: libgcrypt, Bug Report.Aug 20 2014, 2:25 PM

sacrishi set Version to 1.5.4.

Updated by 1697.

• werner closed this task as Resolved.Aug 20 2014, 2:39 PM

• werner claimed this task.

• werner added a project: Mistaken.

Wrong if conditional check may lead to dereferencing of a NULL pointer in file cipher/md.c on line 1267Closed, ResolvedPublicActions

Description

Details

Event Timeline

Wrong if conditional check may lead to dereferencing of a NULL pointer in file cipher/md.c on line 1267
Closed, ResolvedPublic
Actions