From dcb0b6fd4822107d68bcb046d4d0650d02c82522 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Tue, 28 May 2024 17:15:03 +0200 Subject: [PATCH] gpgsm: Avoid double free when checking rsaPSS signatures. * sm/certcheck.c (gpgsm_check_cms_signature): Do not free s_sig on error. Its owned and freed by the caller. -- This is part of GnuPG-bug-id: 7129 Signed-off-by: Jakub Jelen Fixes-commit: 969abcf40cdfc65f3ee859c5e62889e1a8ccde91 --- sm/certcheck.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/sm/certcheck.c b/sm/certcheck.c index f4db858c3..ef1b6ec54 100644 --- a/sm/certcheck.c +++ b/sm/certcheck.c @@ -630,13 +630,11 @@ gpgsm_check_cms_signature (ksba_cert_t cert, gcry_sexp_t s_sig, rc = extract_pss_params (s_sig, &algo, &saltlen); if (rc) { - gcry_sexp_release (s_sig); return rc; } if (algo != mdalgo) { log_error ("PSS hash algo mismatch (%d/%d)\n", mdalgo, algo); - gcry_sexp_release (s_sig); return gpg_error (GPG_ERR_DIGEST_ALGO); } }