1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-30 19:58:44 +01:00

gpgsm: Avoid double free when checking rsaPSS signatures.

* sm/certcheck.c (gpgsm_check_cms_signature): Do not free s_sig on
error. Its owned and freed by the caller.

--
This is part of
GnuPG-bug-id: 7129
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Fixes-commit: 969abcf40c
(cherry picked from commit dcb0b6fd48)
This commit is contained in:
Jakub Jelen 2024-05-28 17:15:03 +02:00 committed by Werner Koch
parent a1f85fdc40
commit bc43812358
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -528,13 +528,11 @@ gpgsm_check_cms_signature (ksba_cert_t cert, gcry_sexp_t s_sig,
rc = extract_pss_params (s_sig, &algo, &saltlen); rc = extract_pss_params (s_sig, &algo, &saltlen);
if (rc) if (rc)
{ {
gcry_sexp_release (s_sig);
return rc; return rc;
} }
if (algo != mdalgo) if (algo != mdalgo)
{ {
log_error ("PSS hash algo mismatch (%d/%d)\n", mdalgo, algo); log_error ("PSS hash algo mismatch (%d/%d)\n", mdalgo, algo);
gcry_sexp_release (s_sig);
return gpg_error (GPG_ERR_DIGEST_ALGO); return gpg_error (GPG_ERR_DIGEST_ALGO);
} }
} }