agent: Avoid memory leaks in error code paths.

* agent/command.c (cmd_genkey): Use goto instead of return. * agent/cvt-openpgp.c (convert_from_openpgp_main): Ditto. * agent/genkey.c (agent_ask_new_passphrase): Fix typo to free correct pointer (agent_genkey): Release memory * agent/gpg-agent.c (check_own_socket): Free sockname * agent/protect-tool.c (read_key): Free buf. (agent_askpin): Free passphrase -- Signed-off-by: Jakub Jelen <jjelen@redhat.com> Changed original patch to not add a free before a GPG_ERR_BUG. Signed-off-by: Werner Koch <wk@gnupg.org> GnuPG-bug-id: 5393
2021-05-20 10:13:51 +02:00 · 2021-05-20 10:13:51 +02:00 · a95ddffdcd
parent a660e10606
commit a95ddffdcd
6 changed files with 23 additions and 8 deletions
--- a/agent/command.c
+++ b/agent/command.c
@ -1144,10 +1144,11 @@ cmd_genkey (assuan_context_t ctx, char *line)

  /* First inquire the parameters */
  rc = print_assuan_status (ctx, "INQUIRE_MAXLEN", "%u", MAXLEN_KEYPARAM);
-  if (!rc)
-    rc = assuan_inquire (ctx, "KEYPARAM", &value, &valuelen, MAXLEN_KEYPARAM);
  if (rc)
-    return rc;
+    goto leave;
+  rc = assuan_inquire (ctx, "KEYPARAM", &value, &valuelen, MAXLEN_KEYPARAM);
+  if (rc)
+    goto leave;

  init_membuf (&outbuf, 512);

--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@ -964,7 +964,10 @@ convert_from_openpgp_main (ctrl_t ctrl, gcry_sexp_t s_pgp, int dontcare_exist,

      pi = xtrycalloc_secure (1, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1);
      if (!pi)
-        return gpg_error_from_syserror ();
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
      pi->max_length = MAX_PASSPHRASE_LEN + 1;
      pi->min_digits = 0;  /* We want a real passphrase.  */
      pi->max_digits = 16;
--- a/agent/genkey.c
+++ b/agent/genkey.c
@ -363,7 +363,7 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
  if (!pi2)
    {
      err = gpg_error_from_syserror ();
-      xfree (pi2);
+      xfree (pi);
      return err;
    }
  pi->max_length = MAX_PASSPHRASE_LEN + 1;
@ -465,7 +465,10 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, time_t timestamp,
                                        "protect your new key"),
                                     &passphrase_buffer);
      if (rc)
-        return rc;
+        {
+          gcry_sexp_release (s_keyparam);
+          return rc;
+        }
      passphrase = passphrase_buffer;
    }

--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@ -3218,7 +3218,10 @@ check_own_socket (void)

  err = npth_attr_init (&tattr);
  if (err)
-    return;
+    {
+      xfree (sockname);
+      return;
+    }
  npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
  err = npth_create (&thread, &tattr, check_own_socket_thread, sockname);
  if (err)
--- a/agent/protect-tool.c
+++ b/agent/protect-tool.c
@ -319,6 +319,7 @@ read_key (const char *fname)
  if (buflen >= 4 && !memcmp (buf, "Key:", 4))
    {
      log_error ("Extended key format is not supported by this tool\n");
+      xfree (buf);
      return NULL;
    }
  key = make_canonical (fname, buf, buflen);
@ -793,7 +794,10 @@ agent_askpin (ctrl_t ctrl,
  passphrase = get_passphrase (0);
  size = strlen (passphrase);
  if (size >= pininfo->max_length)
-    return gpg_error (GPG_ERR_TOO_LARGE);
+    {
+      xfree (passphrase);
+      return gpg_error (GPG_ERR_TOO_LARGE);
+    }

  memcpy (&pininfo->pin, passphrase, size);
  xfree (passphrase);
--- a/common/tlv-builder.c
+++ b/common/tlv-builder.c
@ -350,6 +350,7 @@ get_tlv_length (int class, int tag, int constructed, size_t length)

  (void)constructed;  /* Not used, but passed for uniformity of such calls.  */

+  /* coverity[identical_branches] */
  if (tag < 0x1f)
    {
      buflen++;