From 27e7bde12ee2b67425ae7011d976d2544c90fd9a Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 13 Apr 2021 14:02:18 +0200
Subject: [PATCH] scd: avoid memory leaks

* scd/app-p15.c (send_certinfo): free labelbuf
  (do_sign): goto leave instead of return
* scd/app-piv.c (do_sign): goto leave instead of return, fix typo in
  variable name, avoid using uninitialized variables
* scd/command.c (cmd_genkey): goto leave instead of return

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393
---
 scd/app-p15.c |  5 +++--
 scd/app-piv.c |  6 +++---
 scd/command.c | 10 ++++++++--
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/scd/app-p15.c b/scd/app-p15.c
index 3aa8122f5..0530d377c 100644
--- a/scd/app-p15.c
+++ b/scd/app-p15.c
@@ -3851,6 +3851,7 @@ send_certinfo (app_t app, ctrl_t ctrl, const char *certtype,
                         labelbuf, strlen (labelbuf),
                         NULL, (size_t)0);
       xfree (buf);
+      xfree (labelbuf);
     }
   return 0;
 }
@@ -5461,7 +5462,7 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
   if (err)
     {
       log_error ("p15: MSE failed: %s\n", gpg_strerror (err));
-      return err;
+      goto leave;
     }
 
   /* Now that we have all the information available run the actual PIN
@@ -5500,7 +5501,7 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
   if (err)
     {
       log_error ("p15: MSE failed: %s\n", gpg_strerror (err));
-      return err;
+      goto leave;
     }
 
   if (prkdf->keyalgo == GCRY_PK_RSA && prkdf->keynbits > 2048)
diff --git a/scd/app-piv.c b/scd/app-piv.c
index ead1b1974..143cc047a 100644
--- a/scd/app-piv.c
+++ b/scd/app-piv.c
@@ -2175,7 +2175,7 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
   unsigned char oidbuf[64];
   size_t oidbuflen;
   unsigned char *outdata = NULL;
-  size_t outdatalen;
+  size_t outdatalen = 0;
   const unsigned char *s;
   size_t n;
   int keyref, mechanism;
@@ -2357,7 +2357,7 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
   /* Now verify the Application PIN.  */
   err = verify_chv (app, ctrl, 0x80, force_verify, pincb, pincb_arg);
   if (err)
-    return err;
+    goto leave;
 
   /* Build the Dynamic Authentication Template.  */
   err = concat_tlv_list (0, &apdudata, &apdudatalen,
@@ -2403,7 +2403,7 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
             goto bad_der;
           log_assert (n >= (rval-s)+rlen);
           sval = find_tlv (rval+rlen, n-((rval-s)+rlen), 0x02, &slen);
-          if (!rval)
+          if (!sval)
             goto bad_der;
           rlenx = slenx = 0;
           if (rlen > slen)
diff --git a/scd/command.c b/scd/command.c
index 11d61648b..cb0dd379a 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -1438,7 +1438,10 @@ cmd_genkey (assuan_context_t ctx, char *line)
 
   line = skip_options (line);
   if (!*line)
-    return set_error (GPG_ERR_ASS_PARAMETER, "no key number given");
+    {
+      err = set_error (GPG_ERR_ASS_PARAMETER, "no key number given");
+      goto leave;
+    }
   keyref = line;
   while (*line && !spacep (line))
     line++;
@@ -1448,7 +1451,10 @@ cmd_genkey (assuan_context_t ctx, char *line)
     goto leave;
 
   if (!ctrl->card_ctx)
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+    {
+      err = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+      goto leave;
+    }
 
   keyref = keyref_buffer = xtrystrdup (keyref);
   if (!keyref)