Browse Source

kbx: Avoid uninitialized read

* kbx/kbx-client-util.c (datastream_thread): Initialize pointer
* kbx/keybox-dump.c (_keybox_dump_cut_records): free blob
* kbx/kbxserver.c (kbxd_start_command_handler): do not free passed ctrl
* kbx/keyboxd.c (check_own_socket): free sockname

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393
master
Jakub Jelen 2 months ago
committed by Werner Koch
parent
commit
fc5fac83b7
No known key found for this signature in database GPG Key ID: E3FDFF218E45B72B
  1. 3
      kbx/kbx-client-util.c
  2. 1
      kbx/kbxserver.c
  3. 4
      kbx/keybox-dump.c
  4. 5
      kbx/keyboxd.c

3
kbx/kbx-client-util.c

@ -176,7 +176,8 @@ datastream_thread (void *arg)
int rc;
unsigned char lenbuf[4];
size_t nread, datalen;
char *data, *tmpdata;
char *data = NULL;
char *tmpdata;
/* log_debug ("%s: started\n", __func__); */
while (kcd->fp)

1
kbx/kbxserver.c

@ -844,7 +844,6 @@ kbxd_start_command_handler (ctrl_t ctrl, gnupg_fd_t fd, unsigned int session_id)
{
log_error (_("can't allocate control structure: %s\n"),
gpg_strerror (gpg_error_from_syserror ()));
xfree (ctrl);
return;
}
ctrl->server_local->client_pid = ASSUAN_INVALID_PID;

4
kbx/keybox-dump.c

@ -881,7 +881,7 @@ _keybox_dump_cut_records (const char *filename, unsigned long from,
unsigned long to, FILE *outfp)
{
estream_t fp;
KEYBOXBLOB blob;
KEYBOXBLOB blob = NULL;
int rc;
unsigned long recno = 0;
@ -902,6 +902,7 @@ _keybox_dump_cut_records (const char *filename, unsigned long from,
}
}
_keybox_release_blob (blob);
blob = NULL;
recno++;
}
if (rc == -1)
@ -909,6 +910,7 @@ _keybox_dump_cut_records (const char *filename, unsigned long from,
if (rc)
fprintf (stderr, "error reading '%s': %s\n", filename, gpg_strerror (rc));
leave:
_keybox_release_blob (blob);
if (fp != es_stdin)
es_fclose (fp);
return rc;

5
kbx/keyboxd.c

@ -1795,7 +1795,10 @@ check_own_socket (void)
err = npth_attr_init (&tattr);
if (err)
return;
{
xfree (sockname);
return;
}
npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
err = npth_create (&thread, &tattr, check_own_socket_thread, sockname);
if (err)

Loading…
Cancel
Save