security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

gpg: Fix memory leak in sig-check.

Browse source 
* g10/sig-check.c (check_signature_over_key_or_uid): Remove useless
condition.  Actually free when SIGNER was allocated by us.
--

SIGNER_ALLOCATED never received a value of -1 but that was tested.

IF SIGNER_ALLOCATED was 2 the memory was never freed:

  if (signer_allocated == 1)
    if (signer_allocated == 2)
      free()

Fixes-commit: 44cdb9d73f

This function needs to be audited more thoroughly.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-08-24 20:26:19 +02:00
parent 757302cc7a
commit b065a69634
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
1 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
g10/sig-check.c
View file

@ -878,6 +878,9 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
if (ret_pk) if (ret_pk)
{ {
signer = ret_pk; signer = ret_pk;
/* FIXME: Using memset here is probematic because it
* assumes that there are no allocated fields in
* SIGNER. */
memset (signer, 0, sizeof (*signer)); memset (signer, 0, sizeof (*signer));
signer_alloced = 1; signer_alloced = 1;
} }
@ -956,10 +959,10 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
gcry_md_close (md); gcry_md_close (md);
leave: leave:
if (! rc && ret_pk && (signer_alloced == -1 || ret_pk != signer)) if (! rc && ret_pk && ret_pk != signer)
copy_public_key (ret_pk, signer); copy_public_key (ret_pk, signer);
if (signer_alloced == 1) if (signer_alloced)
{ {
/* We looked up SIGNER; it is not a pointer into KB. */ /* We looked up SIGNER; it is not a pointer into KB. */
release_public_key_parts (signer); release_public_key_parts (signer);