From 70c49ce02401b1d5d0c176feca06ca0a72e8007a Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Mon, 25 Nov 2024 14:39:59 +0900
Subject: [PATCH] gpg: Fix modifying signature data by pk_verify for Ed25519.

* g10/pkglue.c (pk_verify): When fixing R and S, make sure those are
copies.

--

GnuPG-bug-id: 7426
Fixing-commit: 0a5a854510fda6e6990938a3fca424df868fe676
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 g10/pkglue.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/g10/pkglue.c b/g10/pkglue.c
index 9db8f46de..61c504186 100644
--- a/g10/pkglue.c
+++ b/g10/pkglue.c
@@ -331,6 +331,15 @@ pk_verify (pubkey_algo_t pkalgo, gcry_mpi_t hash,
             rc = gpg_error (GPG_ERR_BAD_MPI);
           else
             {
+              r = gcry_mpi_copy (r);
+              s = gcry_mpi_copy (s);
+
+              if (!r || !s)
+                {
+                  rc = gpg_error_from_syserror ();
+                  goto leave;
+                }
+
               /* We need to fixup the length in case of leading zeroes.
                * OpenPGP does not allow leading zeroes and the parser for
                * the signature packet has no information on the use curve,
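Review bot: On the new error path at `if (!r || !s)`, when one `gcry_mpi_copy` succeeds and the other returns NULL, the `goto leave` skips the rest of the Ed25519 branch, and the only cleanup visible after `leave:` is the three `gcry_sexp_release` calls, so the successful copy appears to leak. Releasing both before the jump would close this: `gcry_mpi_release (r); gcry_mpi_release (s);` placed just ahead of `goto leave;` (libgcrypt's release accepts NULL). A short comment above the copies would also help, such as `/* Work on copies so the caller's signature MPIs are never modified. */`, because the property this fix protects is that verification must not alter the signature data it is given. The body of pk_verify begins and continues outside this hunk, so any release of r and s done elsewhere is not visible here.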
@@ -416,6 +425,7 @@ pk_verify (pubkey_algo_t pkalgo, gcry_mpi_t hash,
   if (!rc)
     rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
 
+ leave:
   gcry_sexp_release (s_sig);
   gcry_sexp_release (s_hash);
   gcry_sexp_release (s_pkey);