security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-13 22:21:09 +02:00
Code Activity

g10: Fix double free when locating by mbox

Browse Source 
* g10/getkey.c (get_best_pubkey_byname): Set new.uid always
to NULL after use.

--
pubkey_cmp is not guranteed to set new.uid.
So if the diff < 0 case is reached best is set to new.

If then diff > 0 is reached without modifying new.uid
e.g. if the key has no matching mboxes. new.uid is
free'd even though the uid is still referenced in
best.

GnuPG-Bug-Id: T4462
This commit is contained in:
Andre Heinecke 2019-04-18 13:19:05 +02:00
parent a861f9343d
commit e57954ed27
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
g10/getkey.c
View File

@ -1388,15 +1388,14 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
/* Old key is better. */ /* Old key is better. */
release_public_key_parts (&new.key); release_public_key_parts (&new.key);
free_user_id (new.uid); free_user_id (new.uid);
new.uid = NULL;
} }
else else
{ {
/* A tie. Keep the old key. */ /* A tie. Keep the old key. */
release_public_key_parts (&new.key); release_public_key_parts (&new.key);
free_user_id (new.uid); free_user_id (new.uid);
new.uid = NULL;
} }
new.uid = NULL;
} }
getkey_end (ctrl, ctx); getkey_end (ctrl, ctx);
ctx = NULL; ctx = NULL;