mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-03 22:56:33 +02:00
gpg: Fix actual leak and possible leaks in the packet parser.
* g10/packet.h (struct parse_packet_ctx_s): Change LAST_PKT deom a
pointer to its struct.
(init_parse_packet): Adjust for LAST_PKT not being a pointer.
* g10/parse-packet.c (parse): Ditto. Free the last packet before
storing a new one in case of a deep link.
(parse_ring_trust): Adjust for LAST_PKT not being a pointer.
* g10/free-packet.c (free_packet): Ditto.
* g10/t-keydb-get-keyblock.c (do_test): Release keyblock.
--
Fixes-commit: afa8680908
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch
parent
64665404e4
commit
7bf24e8146
5 changed files with 26 additions and 19 deletions
|
|
@ -833,14 +833,15 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos,
|
|||
}
|
||||
|
||||
/* Store a shallow copy of certain packets in the context. */
|
||||
free_packet (NULL, ctx);
|
||||
if (!rc && (pkttype == PKT_PUBLIC_KEY
|
||||
|| pkttype == PKT_SECRET_KEY
|
||||
|| pkttype == PKT_USER_ID
|
||||
|| pkttype == PKT_ATTRIBUTE
|
||||
|| pkttype == PKT_SIGNATURE))
|
||||
ctx->last_pkt = pkt;
|
||||
else
|
||||
ctx->last_pkt = NULL;
|
||||
{
|
||||
ctx->last_pkt = *pkt;
|
||||
}
|
||||
|
||||
leave:
|
||||
/* FIXME: We leak in case of an error (see the xmalloc's above). */
|
||||
|
|
@ -2992,12 +2993,12 @@ parse_ring_trust (parse_packet_ctx_t ctx, unsigned long pktlen)
|
|||
|
||||
/* Now transfer the data to the respective packet. Do not do this
|
||||
* if SKIP_META is set. */
|
||||
if (!ctx->last_pkt || ctx->skip_meta)
|
||||
if (!ctx->last_pkt.pkt.generic || ctx->skip_meta)
|
||||
;
|
||||
else if (rt.subtype == RING_TRUST_SIG
|
||||
&& ctx->last_pkt->pkttype == PKT_SIGNATURE)
|
||||
&& ctx->last_pkt.pkttype == PKT_SIGNATURE)
|
||||
{
|
||||
PKT_signature *sig = ctx->last_pkt->pkt.signature;
|
||||
PKT_signature *sig = ctx->last_pkt.pkt.signature;
|
||||
|
||||
if ((rt.sigcache & 1))
|
||||
{
|
||||
|
|
@ -3006,10 +3007,10 @@ parse_ring_trust (parse_packet_ctx_t ctx, unsigned long pktlen)
|
|||
}
|
||||
}
|
||||
else if (rt.subtype == RING_TRUST_UID
|
||||
&& (ctx->last_pkt->pkttype == PKT_USER_ID
|
||||
|| ctx->last_pkt->pkttype == PKT_ATTRIBUTE))
|
||||
&& (ctx->last_pkt.pkttype == PKT_USER_ID
|
||||
|| ctx->last_pkt.pkttype == PKT_ATTRIBUTE))
|
||||
{
|
||||
PKT_user_id *uid = ctx->last_pkt->pkt.user_id;
|
||||
PKT_user_id *uid = ctx->last_pkt.pkt.user_id;
|
||||
|
||||
uid->keysrc = rt.keysrc;
|
||||
uid->keyupdate = rt.keyupdate;
|
||||
|
|
@ -3017,10 +3018,10 @@ parse_ring_trust (parse_packet_ctx_t ctx, unsigned long pktlen)
|
|||
rt.url = NULL;
|
||||
}
|
||||
else if (rt.subtype == RING_TRUST_KEY
|
||||
&& (ctx->last_pkt->pkttype == PKT_PUBLIC_KEY
|
||||
|| ctx->last_pkt->pkttype == PKT_SECRET_KEY))
|
||||
&& (ctx->last_pkt.pkttype == PKT_PUBLIC_KEY
|
||||
|| ctx->last_pkt.pkttype == PKT_SECRET_KEY))
|
||||
{
|
||||
PKT_public_key *pk = ctx->last_pkt->pkt.public_key;
|
||||
PKT_public_key *pk = ctx->last_pkt.pkt.public_key;
|
||||
|
||||
pk->keysrc = rt.keysrc;
|
||||
pk->keyupdate = rt.keyupdate;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue