From ea28ea18f3ee6c9f5e69986f39848398b58e242e Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 22 Nov 2017 20:54:07 +0100
Subject: [PATCH] gpg: Fix memory leaking for long inputs via --command-fd.

* g10/cpr.c (do_get_from_fd): Free the old buffer.
--

If the received input is longer than 200 characters we used to leak
the previous allocated buffer.

GnuPG-bug-id: 3528
Signed-off-by: Werner Koch <wk@gnupg.org>
---
 g10/cpr.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/g10/cpr.c b/g10/cpr.c
index 154872013..a7fd1aaba 100644
--- a/g10/cpr.c
+++ b/g10/cpr.c
@@ -425,11 +425,17 @@ do_get_from_fd ( const char *keyword, int hidden, int getbool )
     {
       if (i >= len-1 )
         {
+          /* On the first iteration allocate a new buffer.  If that
+           * buffer is too short at further iterations do a poor man's
+           * realloc.  */
           char *save = string;
           len += 100;
           string = hidden? xmalloc_secure ( len ) : xmalloc ( len );
           if (save)
-            memcpy (string, save, i );
+            {
+              memcpy (string, save, i);
+              xfree (save);
+            }
           else
             i = 0;
 	}