dirmgr: clean up memory on error code paths

* dirmgr/crlcache.c (finish_sig_check): goto leave instead of return
* dirmgr/http.c (send_request): free authstr and proxy_authstr
* dirmgr/ldap.c (start_cert_fetch_ldap): free proxy
* dirmgr/ocsp.c (check_signature): release s_hash

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393
Jakub Jelen 2021-05-20 10:13:51 +02:00 committed by Werner Koch
parent a95ddffdcd
commit 0d2c1e9046
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 16 additions and 6 deletions


@ -1725,7 +1725,8 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
{ {
log_error ("hash algo mismatch: %d announced but %d used\n", log_error ("hash algo mismatch: %d announced but %d used\n",
algo, hashalgo); algo, hashalgo);
return gpg_error (GPG_ERR_INV_CRL); err = gpg_error (GPG_ERR_INV_CRL);
goto leave;
} }
/* Add some restrictions; see ../sm/certcheck.c for details. */ /* Add some restrictions; see ../sm/certcheck.c for details. */
switch (algo) switch (algo)
@ -1741,14 +1742,16 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
default: default:
log_error ("PSS hash algorithm '%s' rejected\n", log_error ("PSS hash algorithm '%s' rejected\n",
gcry_md_algo_name (algo)); gcry_md_algo_name (algo));
return gpg_error (GPG_ERR_DIGEST_ALGO); err = gpg_error (GPG_ERR_DIGEST_ALGO);
goto leave;
} }
if (gcry_md_get_algo_dlen (algo) != saltlen) if (gcry_md_get_algo_dlen (algo) != saltlen)
{ {
log_error ("PSS hash algorithm '%s' rejected due to salt length %u\n", log_error ("PSS hash algorithm '%s' rejected due to salt length %u\n",
gcry_md_algo_name (algo), saltlen); gcry_md_algo_name (algo), saltlen);
return gpg_error (GPG_ERR_DIGEST_ALGO); err = gpg_error (GPG_ERR_DIGEST_ALGO);
goto leave;
} }
} }
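Review bot: The three `goto leave;` jumps added to finish_sig_check are only safe if every object released at the `leave` label is already initialised (NULL or valid) when the first jump is taken at the hash-algo mismatch check. The declarations and the label are outside these hunks, so this cannot be confirmed from the page. These are the rejection paths for externally supplied CRL data with mismatched PSS parameters, so releasing an uninitialised handle there would be worse than the leak being fixed. A comment at the label would record the invariant, e.g. `/* All early exits jump here; everything released below is NULL-initialised at declaration. */`.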


@ -2208,7 +2208,11 @@ send_request (ctrl_t ctrl, http_t hd, const char *httphost, const char *auth,
p = build_rel_path (hd->uri); p = build_rel_path (hd->uri);
if (!p) if (!p)
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ()); {
xfree (authstr);
xfree (proxy_authstr);
return gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
}
if (http_proxy && *http_proxy) if (http_proxy && *http_proxy)
{ {
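Review bot: In the new `if (!p)` block of send_request, `gpg_err_code_from_syserror ()` is evaluated after the two `xfree` calls, so the returned code relies on `xfree` leaving errno untouched. If this tree does not guarantee that, capture the error before freeing: `gpg_error_t rc = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());`, then the two `xfree` calls, then `return rc;`. The function starts and ends outside the hunk, so a suitable local may already exist. It is also not visible whether later exits free `authstr` and `proxy_authstr` in the same way.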


@ -563,8 +563,10 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *r_context,
use_ldaps = server->use_ldaps; use_ldaps = server->use_ldaps;
} }
else /* Use a default server. */ else /* Use a default server. */
return gpg_error (GPG_ERR_NOT_IMPLEMENTED); {
xfree (proxy);
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
}
if (!base) if (!base)
base = ""; base = "";


@ -534,6 +534,7 @@ check_signature (ctrl_t ctrl,
err = ksba_ocsp_get_responder_id (ocsp, &name, &keyid); err = ksba_ocsp_get_responder_id (ocsp, &name, &keyid);
if (err) if (err)
{ {
gcry_sexp_release (s_hash);
log_error (_("error getting responder ID: %s\n"), log_error (_("error getting responder ID: %s\n"),
gcry_strerror (err)); gcry_strerror (err));
return err; return err;
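Review bot: The added `gcry_sexp_release (s_hash);` covers only this one early return in check_signature, and the path still exits with a bare `return err;`. The function starts and ends outside the hunk, so it is not visible whether the other exits taken after s_hash is built release it too. This path runs when the responder ID cannot be read from an OCSP response, so the leak is presumably reachable from network input and the remaining returns deserve the same audit. A single exit label, as finish_sig_check uses in this commit, would make the ownership harder to miss. Failing that, a comment where s_hash is created, e.g. `/* s_hash must be released on every return below. */`, would document it.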