security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

gpg: Fix possible double free of the card serialno. 

* g10/free-packet.c (copy_public_key): Copy fields serialno and
updateurl.
--

The PK->serialno is used to get the version of the card to decide
whether it does support other algorithms than SHA-1.  This value is
cached but no deep copy was done when calling copy_public_key.

Bug detected by importing some public keys and then importing a secret
key which led to a double free.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-07-21 17:48:40 +02:00
parent 5818ff0ae3
commit e888f7af65
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
g10/free-packet.c
View File

@ -224,6 +224,12 @@ copy_public_key (PKT_public_key *d, PKT_public_key *s)
}
else
d->revkey = NULL;
if (s->serialno)
d->serialno = xstrdup (s->serialno);
if (s->updateurl)
d->updateurl = xstrdup (s->updateurl);
return d;
}