gpg: Fix memory leak in sig-check.

* g10/sig-check.c (check_signature_over_key_or_uid): Remove useless condition. Actually free when SIGNER was allocated by us. -- SIGNER_ALLOCATED never received a value of -1 but that was tested. IF SIGNER_ALLOCATED was 2 the memory was never freed: if (signer_allocated == 1) if (signer_allocated == 2) free() Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec This function needs to be audited more thoroughly. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-01-21 14:47:03 +01:00 · 2017-08-24 20:26:19 +02:00 · 2017-08-24 20:26:19 +02:00 · b065a69634
commit b065a69634
parent 757302cc7a
1 changed files with 5 additions and 2 deletions
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@ -878,6 +878,9 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
              if (ret_pk)
                {
                  signer = ret_pk;
+                  /* FIXME: Using memset here is probematic because it
+                   * assumes that there are no allocated fields in
+                   * SIGNER.  */
                  memset (signer, 0, sizeof (*signer));
                  signer_alloced = 1;
                }
@ -956,10 +959,10 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
  gcry_md_close (md);

 leave:
-  if (! rc && ret_pk && (signer_alloced == -1 || ret_pk != signer))
+  if (! rc && ret_pk && ret_pk != signer)
    copy_public_key (ret_pk, signer);

-  if (signer_alloced == 1)
+  if (signer_alloced)
    {
      /* We looked up SIGNER; it is not a pointer into KB.  */
      release_public_key_parts (signer);