g10: Fix keybox-related memory leaks.

* g10/keydb.c (keydb_release): Clear keyblock cache. (keydb_get_keyblock): Revert previous change. * kbx/keybox-blob.c (create_blob_finish): Free previous buffer, free fixups after applying them. (_keybox_release_blob): Free buffer. Currently, the buffer has been extracted before the keybox is released, but this is the right thing to do here. Fixes-commit: c57501cc Signed-off-by: Justus Winter <justus@g10code.com>
2025-01-02 12:01:32 +01:00 · 2016-06-30 17:09:59 +02:00 · 2016-06-30 17:09:59 +02:00 · 29beea6462
commit 29beea6462
parent 5869f518cb
2 changed files with 25 additions and 7 deletions
--- a/g10/keydb.c
+++ b/g10/keydb.c
@ -937,6 +937,7 @@ keydb_release (KEYDB_HANDLE hd)
        }
    }

+  keyblock_cache_clear (hd);
  xfree (hd);
 }

@ -1387,8 +1388,11 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
                hd->keyblock_cache.pk_no     = pk_no;
                hd->keyblock_cache.uid_no    = uid_no;
              }
-            xfree (sigstatus);
-            iobuf_close (iobuf);
+            else
+              {
+                xfree (sigstatus);
+                iobuf_close (iobuf);
+              }
          }
      }
      break;
--- a/kbx/keybox-blob.c
+++ b/kbx/keybox-blob.c
@ -661,18 +661,24 @@ create_blob_finish (KEYBOXBLOB blob)

  /* do the fixups */
  if (blob->fixup_out_of_core)
-    return gpg_error (GPG_ERR_ENOMEM);
+    {
+      xfree (p);
+      return gpg_error (GPG_ERR_ENOMEM);
+    }

  {
-    struct fixup_list *fl;
-    for (fl = blob->fixups; fl; fl = fl->next)
+    struct fixup_list *fl, *next;
+    for (fl = blob->fixups; fl; fl = next)
      {
        assert (fl->off+4 <= n);
        p[fl->off+0] = fl->val >> 24;
        p[fl->off+1] = fl->val >> 16;
        p[fl->off+2] = fl->val >>  8;
        p[fl->off+3] = fl->val;
+        next = fl->next;
+        xfree (fl);
      }
+    blob->fixups = NULL;
  }

  /* Compute and store the SHA-1 checksum. */
@ -680,8 +686,12 @@ create_blob_finish (KEYBOXBLOB blob)

  pp = xtrymalloc (n);
  if ( !pp )
-    return gpg_error_from_syserror ();
+    {
+      xfree (p);
+      return gpg_error_from_syserror ();
+    }
  memcpy (pp , p, n);
+  xfree (p);
  blob->blob = pp;
  blob->bloblen = n;

@ -1000,7 +1010,11 @@ _keybox_release_blob (KEYBOXBLOB blob)
  int i;
  if (!blob)
    return;
-  /* hmmm: release membuf here?*/
+  if (blob->buf)
+    {
+      size_t len;
+      xfree (get_membuf (blob->buf, &len));
+    }
  xfree (blob->keys );
  xfree (blob->serialbuf);
  for (i=0; i < blob->nuids; i++)