gpgsm --gen-key segfault with ECC key on smartcard

[Werner Koch]

On Mon, 26 Oct 2015 15:34, bertrand at jacquin.bzh said:
> On 19/08/2015 22:27, Bertrand Jacquin wrote:

>> I'm getting a SEGV running gpgsm --gen-key with GnuPG 2.1.6. The issue
>> comes from libksba. Here is a backtrace:

Thanks for the data.  I can't replicate this right now but the backtrace
was helpful enough.  The attached patch to libksba should fix the segv.
I look into extending the table of curve names.


Shalom-Salam,

   Werner

========
>From 9df0ac3a4afa0272dbff08d17e9064f13be95814 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk at gnupg.org>
Date: Wed, 28 Oct 2015 11:18:59 +0100
Subject: [PATCH] Fix lookup of ECC OIDs by name.

* src/keyinfo.c (get_ecc_curve_oid): Fix obviously never tested table
lookup.
--

This led to a crash see
 https://lists.gnupg.org/pipermail/gnupg-devel/2015-October/030445.html

The fix is obvious but I do not have test data for this.

Signed-off-by: Werner Koch <wk at gnupg.org>
---
 src/keyinfo.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/keyinfo.c b/src/keyinfo.c
index 02dc7ae..3ea0cfa 100644
--- a/src/keyinfo.c
+++ b/src/keyinfo.c
@@ -322,10 +322,10 @@ get_ecc_curve_oid (const unsigned char *buf, size_t buflen, size_t *r_oidlen)
         if (buflen == strlen (curve_names[i].name)
             && !memcmp (buf, curve_names[i].name, buflen))
           break;
-      if (curve_names[i].oid)
+      if (!curve_names[i].oid)
         return NULL; /* Not found.  */
-      buf = curve_names[i].name;
-      buflen = strlen (curve_names[i].name);
+      buf = curve_names[i].oid;
+      buflen = strlen (curve_names[i].oid);
     }
 
   if (_ksba_oid_from_buf (buf, buflen, &der_oid, r_oidlen))
-- 
2.1.4


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.