Mailing List Archive

I've encountered a segfault in libgcrypt. If you create an mpi by doing
gcry_mpi_scan with a format of GCRYMPI_FMT_USG and a length of 0, that
mpi ends up having no limbs (which is technically correct, for an mpi
with value 0), but then some functions (like gcry_mpi_cmp_ui) try to
access them anyway, causing a segfault.

For example:

#include <stdio.h>
#include <gcrypt.h>

int main(int argc, char **argv)
{
gcry_mpi_t good_zero, bad_zero;
unsigned char zerobuf[1] = { 0x00 };

/* Make a "good" MPI with value 0 */
gcry_mpi_scan(&good_zero, GCRYMPI_FMT_USG, zerobuf, 1, NULL);

/* Compare it to a ui */
printf("Result of comparing with 2: %d\n",
gcry_mpi_cmp_ui(good_zero, 2));

/* Make a "bad" MPI with value 0 */
gcry_mpi_scan(&bad_zero, GCRYMPI_FMT_USG, zerobuf, 0, NULL);

/* Compare it to a ui */
printf("Result of comparing with 2: %d\n",
gcry_mpi_cmp_ui(bad_zero, 2));

return 0;
}

Outputs:

Result of comparing with 2: -1
Segmentation fault

This is an issue when you're parsing messages in a protocol that look
like an mpi length, followed by data. If a length of 0 gets passed, to
indicate a value of 0, you end up with one of these "bad" mpis.

- Ian

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel