Wrong if conditional check may lead to dereferencing of a NULL pointer in file cipher/md.c on line 1267
Closed, Resolved; Public

Description

File: cipher/md.c
Line number in the above file where the erroneous code is: 1267

Libgcrypt version 1.5.4 code:

  if ( !buffer || (nbytes && (*nbytes != sizeof (int))))
    rc = GPG_ERR_INV_ARG;
  else
    {
      algo = *(int*)buffer;

      *nbytes = 0;

-> In the above if conditional check, if buffer is not NULL and nbytes is
NULL, then the code flow goes to the else section, where nbytes, though NULL,
is dereferenced, which is an error, so the code should be modified.

Recommended code:

  if ( !buffer || !nbytes || (*nbytes != sizeof (int)))
    err = GPG_ERR_INV_ARG;
  else
    {

Details

Version
1.5.4

sacrishi set Version to 1.5.4.
werner added a subscriber: werner. Aug 20 2014, 2:39 PM

Updated by 1697.

werner closed this task as Resolved. Aug 20 2014, 2:39 PM
werner claimed this task.
werner added a project: Mistaken.
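
The two conditions quoted in the description, compared over every combination of NULL and non-NULL arguments. This is an added example, not Libgcrypt code: the function names, error codes and sample values are hypothetical, and it assumes a caller that is able to pass nbytes as NULL.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the error codes; not Libgcrypt's definitions. */
enum { RC_OK = 0, RC_INV_ARG = 1 };

/* Condition as quoted in the report: returns 1 when the call is rejected. */
int rejects_quoted(const void *buffer, const size_t *nbytes)
{
    return !buffer || (nbytes && (*nbytes != sizeof(int)));
}

/* Condition as recommended in the report. */
int rejects_recommended(const void *buffer, const size_t *nbytes)
{
    return !buffer || !nbytes || (*nbytes != sizeof(int));
}

/* Counts inputs that pass the check while nbytes is NULL, i.e. inputs for
   which the else branch would execute "*nbytes = 0" on a NULL pointer. */
int count_null_writes(int (*rejects)(const void *, const size_t *))
{
    int algo = 2;                        /* constructed sample value */
    size_t good = sizeof(int), bad = 1;  /* constructed sizes */
    const void *buffers[] = { NULL, &algo };
    const size_t *sizes[] = { NULL, &bad, &good };
    int hits = 0;

    for (size_t b = 0; b < 2; b++)
        for (size_t s = 0; s < 3; s++)
            if (!rejects(buffers[b], sizes[s]) && sizes[s] == NULL)
                hits++;
    return hits;
}

/* Else-branch body behind the recommended check: safe for any input. */
int read_algo_checked(const void *buffer, size_t *nbytes, int *algo_out)
{
    if (rejects_recommended(buffer, nbytes))
        return RC_INV_ARG;
    *algo_out = *(const int *)buffer;
    *nbytes = 0;
    return RC_OK;
}

int main(void)
{
    printf("quoted check: %d, recommended check: %d\n",
           count_null_writes(rejects_quoted),
           count_null_writes(rejects_recommended));
    return 0;
}
```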