kbx: Avoid uninitialized read

* kbx/kbx-client-util.c (datastream_thread): Initialize pointer * kbx/keybox-dump.c (_keybox_dump_cut_records): free blob * kbx/kbxserver.c (kbxd_start_command_handler): do not free passed ctrl * kbx/keyboxd.c (check_own_socket): free sockname -- Signed-off-by: Jakub Jelen <jjelen@redhat.com> GnuPG-bug-id: 5393
2024-12-22 10:19:57 +01:00 · 2021-04-12 21:59:17 +02:00 · 2021-04-12 21:59:17 +02:00 · fc5fac83b7
commit fc5fac83b7
parent fa0771f609
4 changed files with 9 additions and 4 deletions
--- a/kbx/kbx-client-util.c
+++ b/kbx/kbx-client-util.c
@ -176,7 +176,8 @@ datastream_thread (void *arg)
  int rc;
  unsigned char lenbuf[4];
  size_t nread, datalen;
-  char *data, *tmpdata;
+  char *data = NULL;
+  char *tmpdata;

  /* log_debug ("%s: started\n", __func__); */
  while (kcd->fp)
--- a/kbx/kbxserver.c
+++ b/kbx/kbxserver.c
@ -844,7 +844,6 @@ kbxd_start_command_handler (ctrl_t ctrl, gnupg_fd_t fd, unsigned int session_id)
    {
      log_error (_("can't allocate control structure: %s\n"),
                 gpg_strerror (gpg_error_from_syserror ()));
-      xfree (ctrl);
      return;
    }
  ctrl->server_local->client_pid = ASSUAN_INVALID_PID;
--- a/kbx/keybox-dump.c
+++ b/kbx/keybox-dump.c
@ -881,7 +881,7 @@ _keybox_dump_cut_records (const char *filename, unsigned long from,
                          unsigned long to, FILE *outfp)
 {
  estream_t fp;
-  KEYBOXBLOB blob;
+  KEYBOXBLOB blob = NULL;
  int rc;
  unsigned long recno = 0;

@ -902,6 +902,7 @@ _keybox_dump_cut_records (const char *filename, unsigned long from,
            }
        }
      _keybox_release_blob (blob);
+      blob = NULL;
      recno++;
    }
  if (rc == -1)
@ -909,6 +910,7 @@ _keybox_dump_cut_records (const char *filename, unsigned long from,
  if (rc)
    fprintf (stderr, "error reading '%s': %s\n", filename, gpg_strerror (rc));
 leave:
+  _keybox_release_blob (blob);
  if (fp != es_stdin)
    es_fclose (fp);
  return rc;
--- a/kbx/keyboxd.c
+++ b/kbx/keyboxd.c
@ -1795,7 +1795,10 @@ check_own_socket (void)

  err = npth_attr_init (&tattr);
  if (err)
-    return;
+    {
+      xfree (sockname);
+      return;
+    }
  npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
  err = npth_create (&thread, &tattr, check_own_socket_thread, sockname);
  if (err)