security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-21 14:47:03 +01:00
Code Activity

gpg: Fix regression in --locate-keys (in 2.1.9).

Browse Source 
* g10/getkey.c (getkey_ctx_s): Add field "extra_list".
(get_pubkey_byname): Store strings in the context.
(getkey_end): Free EXTRA_LIST.
--

This fixes a use-after-free bug.  It showed up with:

  gpg --auto-key-locate local --locate-key wk@gnupg.org

The key was shown but also all other following keys in the keyring.
Bisecting showed d47e84946ee010917cfc3501062721b74afbb771 as culprit
but the actual cause was a part of:

Regression-due-to: b06f96ba4f57f55194efcd37a0e3a2aa5450b974
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-11-13 12:56:13 +01:00
parent 2038adf16d
commit 7e59fb21f7
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
g10/getkey.c
View File

@ -77,6 +77,10 @@ struct getkey_ctx_s
released using getkey_end()). */
int not_allocated;
/* This variable is used as backing store for strings which have
their address used in ITEMS. */
strlist_t extra_list;
/* Part of the search criteria: The low-level search specification
as passed to keydb_search. */
int nitems;
@ -1028,7 +1032,14 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
*retctx = NULL;
}
free_strlist (namelist);
if (retctx && *retctx)
{
assert (!(*retctx)->extra_list);
(*retctx)->extra_list = namelist;
}
else
free_strlist (namelist);
return rc;
}
@ -1279,6 +1290,7 @@ getkey_end (getkey_ctx_t ctx)
if (ctx)
{
keydb_release (ctx->kr_handle);
free_strlist (ctx->extra_list);
if (!ctx->not_allocated)
xfree (ctx);
}