From ece154562f00e95c19cbd0567516dd5e07509308 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 28 May 2024 17:15:03 +0200
Subject: [PATCH] gpgsm: Avoid double free when checking rsaPSS signatures.

* sm/certcheck.c (gpgsm_check_cms_signature): Do not free s_sig on
error. Its owned and freed by the caller.

--
This is part of
GnuPG-bug-id: 7129
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Fixes-commit: 969abcf40cdfc65f3ee859c5e62889e1a8ccde91
(cherry picked from commit dcb0b6fd4822107d68bcb046d4d0650d02c82522)
---
 sm/certcheck.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/sm/certcheck.c b/sm/certcheck.c
index f4db858c3..ef1b6ec54 100644
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@@ -630,13 +630,11 @@ gpgsm_check_cms_signature (ksba_cert_t cert, gcry_sexp_t s_sig,
       rc = extract_pss_params (s_sig, &algo, &saltlen);
       if (rc)
         {
-          gcry_sexp_release (s_sig);
           return rc;
         }
       if (algo != mdalgo)
         {
           log_error ("PSS hash algo mismatch (%d/%d)\n", mdalgo, algo);
-          gcry_sexp_release (s_sig);
           return gpg_error (GPG_ERR_DIGEST_ALGO);
         }
     }