dirmngr,gpgsm: Return NULL on fail

* dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL. * sm/gpgsm.c (parse_keyserver_line): Ditto. -- Reported-by: Joshua Rogers <git@internot.info> "If something inside the ldapserver_parse_one function failed, 'server' would be freed, then returned, leading to a use-after-free. This code is likely copied from sm/gpgsm.c, which was also susceptible to this bug." Signed-off-by: Werner Koch <wk@gnupg.org>
2025-01-18 14:17:03 +01:00 · 2014-12-22 12:16:46 +01:00 · 2014-12-22 12:16:46 +01:00 · abd5f6752d
commit abd5f6752d
parent bdc8efbdd1
2 changed files with 2 additions and 0 deletions
--- a/dirmngr/ldapserver.c
+++ b/dirmngr/ldapserver.c
@ -125,6 +125,7 @@ ldapserver_parse_one (char *line,
    {
      log_info (_("%s:%u: skipping this line\n"), filename, lineno);
      ldapserver_list_free (server);
+      server = NULL;
    }

  return server;
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -862,6 +862,7 @@ parse_keyserver_line (char *line,
    {
      log_info (_("%s:%u: skipping this line\n"), filename, lineno);
      keyserver_list_free (server);
+      server = NULL;
    }

  return server;