From 69930f6884a934207f7aa523cf6d2b8e22dfe666 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu, 8 Nov 2018 20:52:38 +0900
Subject: [PATCH] gpgcompose: Fix --sk-esk.

* g10/gpgcompose.c (sk_esk): Copy the result content correctly.
Don't forget to free the result.

--

Fixes-commit: 0131d4369a81a51bf7bb328cc81a3bb082ed1a94
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 g10/gpgcompose.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c
index b3f7ecdce..9b6901599 100644
--- a/g10/gpgcompose.c
+++ b/g10/gpgcompose.c
@@ -2281,16 +2281,27 @@ sk_esk (const char *option, int argc, char *argv[], void *cookie)
     /* Encrypt the session key using the s2k specifier.  */
     {
       DEK *sesdekp = &sesdek;
+      void *enckey;
+      size_t enckeylen;
 
       /* Now encrypt the session key (or rather, the algorithm used to
-         encrypt the SKESK plus the session key) using ENCKEY.  */
-      err = encrypt_seskey (&s2kdek, 0, &sesdekp,
-                            (void**)&ske->seskey, (size_t *)&ske->seskeylen);
+         encrypt the SKESK plus the session key) using S2KDEK.  */
+      err = encrypt_seskey (&s2kdek, 0, &sesdekp, &enckey, &enckeylen);
+
       if (err)
         log_fatal ("encrypt_seskey failed: %s\n", gpg_strerror (err));
 
+      if (enckeylen - 1 > sesdek.keylen)
+        log_fatal ("key size is too big: %z\n", enckeylen);
+      else
+        {
+          ske->seskeylen = (byte)enckeylen;
+          memcpy (ske->seskey, enckey, enckeylen);
+        }
+
       /* Save the session key for later.  */
       session_key = sesdek;
+      xfree (enckey);
     }
 
   pkt.pkttype = PKT_SYMKEY_ENC;