gpg: Fix attempt to double free an UID structure.

* g10/getkey.c (get_best_pubkey_byname): Set released .UID to NULL.
--

Phil Pennock reported an assertion failure when doing

  % gpg --auto-key-locate dane --locate-keys someone
  gpg: Ohhhh jeeee: Assertion "uid->ref > 0" in \
         free_user_id failed (free-packet.c:310)

on his keyring.  This patch is not tested but a good guess.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2017-03-05 23:24:15 +01:00
parent e6ca015ae1
commit 4a130bbc2c
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 7 additions and 2 deletions


@ -1592,8 +1592,10 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
if (is_valid_mailbox (name) && ctx)
{
/* Rank results and return only the most relevant key. */
struct pubkey_cmp_cookie best = { 0 }, new;
KBNODE new_keyblock;
struct pubkey_cmp_cookie best = { 0 };
struct pubkey_cmp_cookie new;
kbnode_t new_keyblock;
while (getkey_next (ctx, &new.key, &new_keyblock) == 0)
{
int diff = pubkey_cmp (ctrl, name, &best, &new, new_keyblock);
@ -1610,17 +1612,20 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
/* Old key is better. */
release_public_key_parts (&new.key);
free_user_id (new.uid);
new.uid = NULL;
}
else
{
/* A tie. Keep the old key. */
release_public_key_parts (&new.key);
free_user_id (new.uid);
new.uid = NULL;
}
}
getkey_end (ctx);
ctx = NULL;
free_user_id (best.uid);
best.uid = NULL;
if (best.valid)
{
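Review bot: The new declaration `struct pubkey_cmp_cookie new;` in the first hunk is still uninitialized while `best` is zeroed. The two `free_user_id (new.uid);` calls are therefore only safe if `pubkey_cmp` assigns `new.uid` on every return path, which cannot be confirmed from these hunks. Writing `struct pubkey_cmp_cookie new = { 0 };` would make the added `new.uid = NULL;` resets hold from the first iteration as well. The branch where the new key wins lies between the two hunks and is not shown; if it hands `new.uid` over to `best`, it presumably needs the same `new.uid = NULL;` so that only one struct owns the reference. Since the commit message says the patch is untested, a short ownership comment above the loop, such as `/* best.uid and new.uid each own one reference; clear the pointer after free_user_id. */`, would help the next reader check the refcount assertion.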