[PATCH libassuan] Fix NULL pointer dereference in _assuan_error().
Xi Wang
xi.wang at gmail.com
Thu Nov 15 09:29:06 CET 2012
Multiple functions invoke _assuan_error() with a NULL ctx.
    if (!ctx)
      return _assuan_error (ctx, GPG_ERR_ASS_INV_VALUE);
Since _assuan_error() dereferences ctx, this patch adds a NULL check.
---
JOOC, did they ever trigger NULL pointer dereferences? Some functions
seem to explicitly allow NULL ctx, such as assuan_sendfd():
/* It is explicitly allowed to use (NULL, -1) as a runtime test to
check whether descriptor passing is available. */
If a caller follows this comment, it's likely to trigger a bug.
---
src/assuan-defs.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/assuan-defs.h b/src/assuan-defs.h
index f6cb9b4..161a28f 100644
--- a/src/assuan-defs.h
+++ b/src/assuan-defs.h
@@ -55,7 +55,8 @@
#define LINELENGTH ASSUAN_LINELENGTH
/* Generate an error code specific to a context. */
-#define _assuan_error(ctx, errcode) gpg_err_make ((ctx)->err_source, errcode)
+#define _assuan_error(ctx, errcode) \
+ gpg_err_make ((ctx) ? (ctx)->err_source : GPG_ERR_SOURCE_DEFAULT, errcode)
struct cmdtbl_s
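Review bot: The new macro body evaluates its `ctx` argument twice (once in the test, once in `(ctx)->err_source`), so a caller that passes an expression with side effects would have it evaluated twice; the callers shown in the message pass a plain `ctx`, so nothing breaks today, but it is worth stating in the comment above the macro. That comment (`/* Generate an error code specific to a context. */`) should also mention that a NULL ctx now falls back to `GPG_ERR_SOURCE_DEFAULT`, since that is the behavioural change this hunk introduces.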
--
1.7.10.4