[PATCH 05/13] gpg: Fix a NULL-deref in export due to invalid packet lengths.

Sun Feb 22 05:10:29 CET 2015

From: Werner Koch <wk at gnupg.org>

* g10/build-packet.c (write_fake_data): Take care of a NULL stored as
opaque MPI.
--

Reported-by: Hanno Böck <hanno at hboeck.de>

(back ported from commit 0835d2f44ef62eab51fce6a927908f544e01cf8f)

[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
---
 g10/build-packet.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/g10/build-packet.c b/g10/build-packet.c
index abe0181..499dd68 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -193,7 +193,8 @@ write_fake_data( IOBUF out, MPI a )
 	void *p;
 
 	p = mpi_get_opaque( a, &i );
-	iobuf_write( out, p, i );
+	if (p)
+          iobuf_write( out, p, i );
     }
 }
 
-- 
2.1.4


