From 678e1b20d3531e642fa8871ea56c6c7d5c208fbe Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 13 Apr 2021 14:02:18 +0200
Subject: [PATCH] scd: avoid memory leaks

* scd/app-p15.c (send_certinfo): free labelbuf
  (do_sign): goto leave instead of return
* scd/command.c (cmd_genkey): goto leave instead of return

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393

Modifified for this backport:

* scd/command.c (cmd_genkey): Make it easier to read by replacing
keyno with orig_line.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 scd/app-p15.c |  5 +++--
 scd/command.c | 33 +++++++++++++++++++++------------
 2 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/scd/app-p15.c b/scd/app-p15.c
index 3aa8122f5..0530d377c 100644
--- a/scd/app-p15.c
+++ b/scd/app-p15.c
@@ -3851,6 +3851,7 @@ send_certinfo (app_t app, ctrl_t ctrl, const char *certtype,
                         labelbuf, strlen (labelbuf),
                         NULL, (size_t)0);
       xfree (buf);
+      xfree (labelbuf);
     }
   return 0;
 }
@@ -5461,7 +5462,7 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
   if (err)
     {
       log_error ("p15: MSE failed: %s\n", gpg_strerror (err));
-      return err;
+      goto leave;
     }
 
   /* Now that we have all the information available run the actual PIN
@@ -5500,7 +5501,7 @@ do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
   if (err)
     {
       log_error ("p15: MSE failed: %s\n", gpg_strerror (err));
-      return err;
+      goto leave;
     }
 
   if (prkdf->keyalgo == GCRY_PK_RSA && prkdf->keynbits > 2048)
diff --git a/scd/command.c b/scd/command.c
index 2e2627f71..e2debf5b8 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -1113,7 +1113,7 @@ cmd_genkey (assuan_context_t ctx, char *line)
 {
   ctrl_t ctrl = assuan_get_pointer (ctx);
   int rc;
-  char *keyno;
+  char *save_line;
   int force;
   const char *s;
   time_t timestamp;
@@ -1134,26 +1134,35 @@ cmd_genkey (assuan_context_t ctx, char *line)
 
   line = skip_options (line);
   if (!*line)
-    return set_error (GPG_ERR_ASS_PARAMETER, "no key number given");
-  keyno = line;
+    {
+      rc = set_error (GPG_ERR_ASS_PARAMETER, "no key number given");
+      goto leave;
+    }
+  save_line = line;
   while (*line && !spacep (line))
     line++;
   *line = 0;
 
   if ((rc = open_card (ctrl)))
-    return rc;
+    goto leave;
 
   if (!ctrl->app_ctx)
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+    {
+      rc = gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+      goto leave;
+    }
 
-  keyno = xtrystrdup (keyno);
-  if (!keyno)
-    return out_of_core ();
-  rc = app_genkey (ctrl->app_ctx, ctrl, keyno, NULL,
-                   force? APP_GENKEY_FLAG_FORCE : 0,
-                   timestamp, pin_cb, ctx);
-  xfree (keyno);
+  {
+    char *tmp = xtrystrdup (save_line);
+    if (!tmp)
+      return gpg_error_from_syserror ();
+    rc = app_genkey (ctrl->app_ctx, ctrl, tmp, NULL,
+                     force? APP_GENKEY_FLAG_FORCE : 0,
+                     timestamp, pin_cb, ctx);
+    xfree (tmp);
+  }
 
+ leave:
   return rc;
 }