[Pkg-gnupg-commit] [gnupg2] 253/292: g10: Fix use-after-free.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Nov 21 06:31:48 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit bd60742925414e0ef2a497df827c1913ea211a44
Author: Justus Winter <justus at g10code.com>
Date: Tue Nov 15 15:06:28 2016 +0100
g10: Fix use-after-free.
* g10/getkey.c (pubkey_cmp): Make a copy of the user id.
(get_best_pubkey_byname): Free the user ids.
Signed-off-by: Justus Winter <justus at g10code.com>
---
g10/getkey.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/g10/getkey.c b/g10/getkey.c
index 59625e7..bf197b2 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1541,7 +1541,7 @@ pubkey_cmp (ctrl_t ctrl, const char *name, struct pubkey_cmp_cookie *old,
if (! match)
continue;
- new->uid = uid;
+ new->uid = scopy_user_id (uid);
new->validity =
get_validity (ctrl, &new->key, uid, NULL, 0) & TRUST_MASK;
new->valid = 1;
@@ -1602,21 +1602,29 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
{
/* New key is better. */
release_public_key_parts (&best.key);
+ if (best.uid)
+ free_user_id (best.uid);
best = new;
}
else if (diff > 0)
{
/* Old key is better. */
release_public_key_parts (&new.key);
+ if (new.uid)
+ free_user_id (new.uid);
}
else
{
/* A tie. Keep the old key. */
release_public_key_parts (&new.key);
+ if (new.uid)
+ free_user_id (new.uid);
}
}
getkey_end (ctx);
ctx = NULL;
+ if (best.uid)
+ free_user_id (best.uid);
if (best.valid)
{
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list