dirmngr: Fix double free of a hash context in the error case.

* dirmngr/crlcache.c: Clearly document that this fucntions takes
ownership of MD.
(abort_sig_check): Allow NULL for MD.
(crl_parse_insert): Immediately set MD to NULL.  Remove check for md
before a calling abort_sig_check.
--

GnuPG-bug-id: 3510
Signed-off-by: Werner Koch <wk@gnupg.org>

dirmngr/crlcache.c

@@ -1562,7 +1562,7 @@ start_sig_check (ksba_crl_t crl, gcry_md_hd_t *md, int *algo)
    should return 0 on a good signature, GPG_ERR_BAD_SIGNATURE if the
    signature does not verify or any other error code. CRL is the CRL
    object we are working on, MD the hash context and ISSUER_CERT the
-   certificate of the CRL issuer.  This function closes MD.  */
+   certificate of the CRL issuer.  This function takes ownership of MD.  */
 static gpg_error_t
 finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
                   ksba_cert_t issuer_cert)
@@ -1646,11 +1646,12 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
 
 
 /* Call this to match a start_sig_check that can not be completed
-   normally.  */
+   normally.  Takes ownership of MD if MD is not NULL.  */
 static void
 abort_sig_check (ksba_crl_t crl, gcry_md_hd_t md)
 {
   (void)crl;
+  if (md)
     gcry_md_close (md);
 }
 
@@ -1842,13 +1843,13 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
               }
 
             err = finish_sig_check (crl, md, algo, crlissuer_cert);
+            md = NULL; /* Closed.  */
             if (err)
               {
                 log_error (_("CRL signature verification failed: %s\n"),
                            gpg_strerror (err));
                 goto failure;
               }
-	    md = NULL;
 
             err = validate_cert_chain (ctrl, crlissuer_cert, NULL,
                                        (VALIDATE_FLAG_TRUST_CONFIG
@@ -1877,7 +1878,6 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
 
 
  failure:
-  if (md)
   abort_sig_check (crl, md);
   ksba_cert_release (crlissuer_cert);
   return err;