
Wrong if conditional check may lead to dereferencing of a NULL pointer in file cipher/md.c on line 1267
Closed, Resolved (Public)

Description

File: cipher/md.c
Line number in the above file where the erroneous code is: 1267

Libgcrypt version 1.5.4 code:

  if ( !buffer || (nbytes && (*nbytes != sizeof (int))))
    rc = GPG_ERR_INV_ARG;
  else
    {
      algo = *(int*)buffer;

      *nbytes = 0;

-> In the above if conditional check, if buffer is not NULL and nbytes is
NULL, then the code flow goes to the else section, where nbytes, though NULL, is
dereferenced, which is an error, so the code should be modified.

Recommended code:

  if ( !buffer || !nbytes || (*nbytes != sizeof (int)))
    err = GPG_ERR_INV_ARG;
  else
    {

Details

Version
1.5.4
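
The condition described in this report, as an added example (not Libgcrypt's code and not part of the original report): the reported and recommended checks are wrapped as predicates so the case of a non-NULL buffer with a NULL nbytes can be compared without dereferencing anything. The function names, the EX_* constants and the query_algo stand-in are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in error codes (assumption); the real ones come from libgpg-error. */
enum { EX_OK = 0, EX_INV_ARG = 1 };

/* Check as quoted in the report: returns 1 if the call is rejected,
   0 if control would reach the else branch. */
static int check_reported(const void *buffer, const size_t *nbytes)
{
  return !buffer || (nbytes && (*nbytes != sizeof (int)));
}

/* Check as recommended in the report: a NULL nbytes is rejected first. */
static int check_recommended(const void *buffer, const size_t *nbytes)
{
  return !buffer || !nbytes || (*nbytes != sizeof (int));
}

/* Hypothetical stand-in for the else branch: reads *buffer and writes
   *nbytes, so it only runs once the recommended check has passed. */
static int query_algo(const void *buffer, size_t *nbytes, int enabled_algo)
{
  int algo;

  if (check_recommended(buffer, nbytes))
    return EX_INV_ARG;
  algo = *(const int *)buffer;
  *nbytes = (algo == enabled_algo);   /* 1 if enabled, else 0 */
  return EX_OK;
}

int main(void)
{
  int algo = 2;                        /* constructed sample values */
  size_t ok = sizeof (int), bad = 1;
  const size_t *cases[] = { NULL, &bad, &ok };
  const char *names[] = { "NULL", "wrong size", "sizeof (int)" };

  for (int i = 0; i < 3; i++)
    printf("nbytes %-12s reported rejects=%d recommended rejects=%d\n",
           names[i], check_reported(&algo, cases[i]),
           check_recommended(&algo, cases[i]));
  printf("query_algo with NULL nbytes -> %d\n", query_algo(&algo, NULL, 2));
  return 0;
}
```

Only the row with a NULL nbytes differs between the two checks: the reported condition lets it through to the branch that writes *nbytes, while the recommended one returns the invalid-argument code.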