mirror of git://git.gnupg.org/gnupg.git
g10: Fix double free when locating by mbox
* g10/getkey.c (get_best_pubkey_byname): Set new.uid always
to NULL after use.
--
pubkey_cmp is not guranteed to set new.uid.
So if the diff < 0 case is reached best is set to new.
If then diff > 0 is reached without modifying new.uid
e.g. if the key has no matching mboxes. new.uid is
free'd even though the uid is still referenced in
best.
GnuPG-Bug-Id: T4462
(cherry picked from commit e57954ed27
)
This commit is contained in:
parent
ee766b2b5d
commit
35899dc290
|
@ -1495,15 +1495,14 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
|
|||
/* Old key is better. */
|
||||
release_public_key_parts (&new.key);
|
||||
free_user_id (new.uid);
|
||||
new.uid = NULL;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* A tie. Keep the old key. */
|
||||
release_public_key_parts (&new.key);
|
||||
free_user_id (new.uid);
|
||||
new.uid = NULL;
|
||||
}
|
||||
new.uid = NULL;
|
||||
}
|
||||
getkey_end (ctrl, ctx);
|
||||
ctx = NULL;
|
||||
|
|
Loading…
Reference in New Issue