security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

g10: Fix double free when locating by mbox 

* g10/getkey.c (get_best_pubkey_byname): Set new.uid always
to NULL after use.

--
pubkey_cmp is not guranteed to set new.uid.
So if the diff < 0 case is reached best is set to new.

If then diff > 0 is reached without modifying new.uid
e.g. if the key has no matching mboxes. new.uid is
free'd even though the uid is still referenced in
best.

GnuPG-Bug-Id: T4462
This commit is contained in:
Andre Heinecke 2019-04-18 13:19:05 +02:00
parent a861f9343d
commit e57954ed27
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
g10/getkey.c
View File

@ -1388,15 +1388,14 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
/* Old key is better. */
release_public_key_parts (&new.key);
free_user_id (new.uid);
new.uid = NULL;
}
else
{
/* A tie. Keep the old key. */
release_public_key_parts (&new.key);
free_user_id (new.uid);
new.uid = NULL;
}
new.uid = NULL;
}
getkey_end (ctrl, ctx);
ctx = NULL;