[Pkg-gnupg-commit] [gnupg2] 130/185: gpg: Fix possible double free of the card serialno.

[Daniel Kahn Gillmor]

This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch experimental
in repository gnupg2.

commit e888f7af6571ecd3994fd55cc18c9e2df7fd0c60
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Jul 21 17:48:40 2017 +0200

    gpg: Fix possible double free of the card serialno.
    
    * g10/free-packet.c (copy_public_key): Copy fields serialno and
    updateurl.
    --
    
    The PK->serialno is used to get the version of the card to decide
    whether it does support other algorithms than SHA-1.  This value is
    cached but no deep copy was done when calling copy_public_key.
    
    Bug detected by importing some public keys and then importing a secret
    key which led to a double free.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 g10/free-packet.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/g10/free-packet.c b/g10/free-packet.c
index cd222a2..e15ad3f 100644
--- a/g10/free-packet.c
+++ b/g10/free-packet.c
@@ -224,6 +224,12 @@ copy_public_key (PKT_public_key *d, PKT_public_key *s)
     }
   else
     d->revkey = NULL;
+
+  if (s->serialno)
+    d->serialno = xstrdup (s->serialno);
+  if (s->updateurl)
+    d->updateurl = xstrdup (s->updateurl);
+
   return d;
 }
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git