security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Activity

g10: Fix crash. 

* g10/tofu.c (tofu_closedbs): Fix freeing database handles up to the
cache limit.  Previously, this would crash if db_cache_count == count.

Reported-by: Ben Kibbey <bjk@luxsci.net>
Signed-off-by: Justus Winter <justus@g10code.com>
This commit is contained in:
Justus Winter 2016-07-21 11:49:33 +02:00
parent 1598a44764
commit 1af2fd44f0
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
g10/tofu.c
View File

@ -1104,8 +1104,14 @@ tofu_closedbs (ctrl_t ctrl)
is easy to skip the first COUNT entries since we still
have a handle on the old head. */
int skip = DB_CACHE_ENTRIES - count;
while (-- skip > 0)
old_head = old_head->next;
if (skip < 0)
for (old_head = db_cache, skip = DB_CACHE_ENTRIES;
skip > 0;
old_head = old_head->next, skip--)
{ /* Do nothing. */ }
else
while (-- skip > 0)
old_head = old_head->next;
*old_head->prevp = NULL;
@ -1116,6 +1122,8 @@ tofu_closedbs (ctrl_t ctrl)
old_head = db;
db_cache_count --;
}
log_assert (db_cache_count == DB_CACHE_ENTRIES);
}
}