From ae0f3fabeba7b393113d5dc185b6aff9b728136d Mon Sep 17 00:00:00 2001
From: Darren Kenny
Date: Thu, 26 Nov 2020 10:41:54 +0000
Subject: [PATCH] libgcrypt/mpi: Fix possible NULL dereference

The code in gcry_mpi_scan() assumes that buffer is not NULL, but there is no explicit check for that, so we add one.

Fixes: CID 73757
Signed-off-by: Darren Kenny
Reviewed-by: Daniel Kiper
Signed-off-by: Stefan Sørensen
---
 grub-core/lib/libgcrypt-grub/mpi/mpicoder.c | 3 +++
 grub-core/lib/libgcrypt/mpi/mpicoder.c | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/grub-core/lib/libgcrypt-grub/mpi/mpicoder.c b/grub-core/lib/libgcrypt-grub/mpi/mpicoder.c
index faf1cd6..e734dcf 100644
--- a/grub-core/lib/libgcrypt-grub/mpi/mpicoder.c
+++ b/grub-core/lib/libgcrypt-grub/mpi/mpicoder.c
@@ -381,6 +381,9 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format,
 unsigned int len;
 int secure = (buffer && gcry_is_secure (buffer));
+ if (!buffer)
+ return gcry_error (GPG_ERR_INV_ARG);
+
 if (format == GCRYMPI_FMT_SSH)
 len = 0;
 else
diff --git a/grub-core/lib/libgcrypt/mpi/mpicoder.c b/grub-core/lib/libgcrypt/mpi/mpicoder.c
index 7ecad27..6fe3891 100644
--- a/grub-core/lib/libgcrypt/mpi/mpicoder.c
+++ b/grub-core/lib/libgcrypt/mpi/mpicoder.c
@@ -379,6 +379,9 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format,
 unsigned int len;
 int secure = (buffer && gcry_is_secure (buffer));
+ if (!buffer)
+ return gcry_error (GPG_ERR_INV_ARG);
+
 if (format == GCRYMPI_FMT_SSH)
 len = 0;
 else
--
2.14.2
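Review bot: The new `if (!buffer)` guard in gcry_mpi_scan() runs only after the initialiser `int secure = (buffer && gcry_is_secure (buffer));`, so the `buffer &&` test on that line is still what keeps gcry_is_secure() from being handed a NULL pointer. A comment above the declaration, e.g. `/* buffer may still be NULL here; it is rejected just below, so keep the buffer && test. */`, would stop a later cleanup from dropping it as redundant. The early return also leaves `*ret_mpi` untouched, and the rest of the function lies outside the hunk, so it is not visible whether callers can rely on a defined value there. The function's header comment should state that the output is valid only when the return code is zero. Both points apply equally to the identical hunk in grub-core/lib/libgcrypt/mpi/mpicoder.c.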