From a44244b27e20dd9c071b81562dbcf03b1042ed3b Mon Sep 17 00:00:00 2001
From: Anthony Romano <anthony.romano@coreos.com>
Date: Sun, 16 Jul 2017 19:42:57 -0700
Subject: [PATCH] avoid null dereference when openpgp algo goes from !rsa2k to
 rsa2k.

Detected with scan-build.

Signed-off-by: Anthony Romano <anthony.romano@coreos.com>
---
 ChangeLog        |  6 +++++
 src/openpgp-do.c | 64 ++++++++++++++++++++----------------------------
 2 files changed, 33 insertions(+), 37 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 06ea2d8..448556d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2017-07-18  Anthony Romano <anthony.romano@coreos.com>
+
+	* src/openpgp-do.c (gpg_reset_algo_attr): New.
+	(rw_algorithm_attr): Use gpg_reset_algo_attr.
+	Fix null dereference.
+
 2017-07-18  Anthony Romano <anthony.romano@coreos.com>
 
 	* src/mod.c (mod_reduce): Clean up unused code.
diff --git a/src/openpgp-do.c b/src/openpgp-do.c
index 09a7798..0b12a68 100644
--- a/src/openpgp-do.c
+++ b/src/openpgp-do.c
@@ -40,7 +40,7 @@
 #define CLEAN_PAGE_FULL 1
 #define CLEAN_SINGLE    0
 static void gpg_do_delete_prvkey (enum kind_of_key kk, int clean_page_full);
-
+static void gpg_reset_digital_signature_counter (void);
 
 #define PASSWORD_ERRORS_MAX 3	/* >= errors, it will be locked */
 static const uint8_t *pw_err_counter_p[3];
@@ -250,6 +250,28 @@ gpg_get_algo_attr (enum kind_of_key kk)
   return algo_attr_p[1];
 }
 
+static void
+gpg_reset_algo_attr (enum kind_of_key kk)
+{
+  gpg_do_delete_prvkey (kk, CLEAN_PAGE_FULL);
+  if (kk == GPG_KEY_FOR_SIGNING)
+    {
+      gpg_reset_digital_signature_counter ();
+      gpg_do_write_simple (NR_DO_FP_SIG, NULL, 0);
+      gpg_do_write_simple (NR_DO_KGTIME_SIG, NULL, 0);
+    }
+  else if (kk == GPG_KEY_FOR_DECRYPTION)
+    {
+      gpg_do_write_simple (NR_DO_FP_DEC, NULL, 0);
+      gpg_do_write_simple (NR_DO_KGTIME_DEC, NULL, 0);
+    }
+  else
+    {
+      gpg_do_write_simple (NR_DO_FP_AUT, NULL, 0);
+      gpg_do_write_simple (NR_DO_KGTIME_AUT, NULL, 0);
+    }
+}
+
 static const uint8_t *
 get_algo_attr_data_object (enum kind_of_key kk)
 {
@@ -749,47 +771,15 @@ rw_algorithm_attr (uint16_t tag, int with_tag,
 	return 0;		/* Error.  */
       else if (algo == ALGO_RSA2K && *algo_attr_pp != NULL)
 	{
-	  gpg_do_delete_prvkey (kk, CLEAN_PAGE_FULL);
+	  gpg_reset_algo_attr (kk);
 	  flash_enum_clear (algo_attr_pp);
-	  if (kk == GPG_KEY_FOR_SIGNING)
-	    {
-	      gpg_reset_digital_signature_counter ();
-	      gpg_do_write_simple (NR_DO_FP_SIG, NULL, 0);
-	      gpg_do_write_simple (NR_DO_KGTIME_SIG, NULL, 0);
-	    }
-	  else if (kk == GPG_KEY_FOR_DECRYPTION)
-	    {
-	      gpg_do_write_simple (NR_DO_FP_DEC, NULL, 0);
-	      gpg_do_write_simple (NR_DO_KGTIME_DEC, NULL, 0);
-	    }
-	  else
-	    {
-	      gpg_do_write_simple (NR_DO_FP_AUT, NULL, 0);
-	      gpg_do_write_simple (NR_DO_KGTIME_AUT, NULL, 0);
-	    }
 	  if (*algo_attr_pp != NULL)
 	    return 0;
 	}
-      else if ((algo != ALGO_RSA2K && *algo_attr_pp == NULL)
-	       || (*algo_attr_pp)[1] != algo)
+      else if ((algo != ALGO_RSA2K && *algo_attr_pp == NULL) ||
+               (*algo_attr_pp != NULL && (*algo_attr_pp)[1] != algo))
 	{
-	  gpg_do_delete_prvkey (kk, CLEAN_PAGE_FULL);
-	  if (kk == GPG_KEY_FOR_SIGNING)
-	    {
-	      gpg_reset_digital_signature_counter ();
-	      gpg_do_write_simple (NR_DO_FP_SIG, NULL, 0);
-	      gpg_do_write_simple (NR_DO_KGTIME_SIG, NULL, 0);
-	    }
-	  else if (kk == GPG_KEY_FOR_DECRYPTION)
-	    {
-	      gpg_do_write_simple (NR_DO_FP_DEC, NULL, 0);
-	      gpg_do_write_simple (NR_DO_KGTIME_DEC, NULL, 0);
-	    }
-	  else
-	    {
-	      gpg_do_write_simple (NR_DO_FP_AUT, NULL, 0);
-	      gpg_do_write_simple (NR_DO_KGTIME_AUT, NULL, 0);
-	    }
+	  gpg_reset_algo_attr (kk);
 	  *algo_attr_pp = flash_enum_write (kk_to_nr (kk), algo);
 	  if (*algo_attr_pp == NULL)
 	    return 0;