segfaults in certreqen.c from logging NULL return from get_parameter
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	dkg
	Mar 30 2020, 12:37 AM

Description

around line 700 of certreqgen.c, there are several lines that look something like this:

r = get_parameter (para, pEXTENSION, seq);
log_error (_("line %d: invalid extension syntax\n"), r->lnr);

however, get_parameter can return NULL, in which case r->lnr causes a segmentation fault.

This can be replicated with:

printf 'Key-Type: RSA\n' | gpgsm --homedir=$(mktemp -d) --gen-key --batch

for example:

0 dkg@alice:~$ printf 'Key-Type: RSA\n' | gpgsm --homedir=$(mktemp -d) --gen-key --batch
gpgsm: keybox '/home/dkg/tmp/tmp.Qk6mhUnfn7/pubring.kbx' created

gpgsm: signal Segmentation fault caught ... exiting
Segmentation fault
139 dkg@alice:~$

Details

Version: 2.2.20

Revisions and Commits

rG GnuPG
	rG9c5c7c6f602c sm: Fix possible NULL deref in error messages of --gen-key.
	rG2b4b0b1223aa sm: Fix possible NULL deref in error messages of --gen-key.