[Pkg-gnupg-commit] [gnupg2] 18/30: gpg: Fix memory leak in sig-check.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Sep 6 21:57:31 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit b065a696344eac3007dbd5642143ecaaeebab43a
Author: Werner Koch <wk at gnupg.org>
Date: Thu Aug 24 20:26:19 2017 +0200
gpg: Fix memory leak in sig-check.
* g10/sig-check.c (check_signature_over_key_or_uid): Remove useless
condition. Actually free when SIGNER was allocated by us.
--
SIGNER_ALLOCATED never received a value of -1 but that was tested.
IF SIGNER_ALLOCATED was 2 the memory was never freed:
if (signer_allocated == 1)
if (signer_allocated == 2)
free()
Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec
This function needs to be audited more thoroughly.
Signed-off-by: Werner Koch <wk at gnupg.org>
---
g10/sig-check.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/g10/sig-check.c b/g10/sig-check.c
index a4ef142..23af12b 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -878,6 +878,9 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
if (ret_pk)
{
signer = ret_pk;
+ /* FIXME: Using memset here is probematic because it
+ * assumes that there are no allocated fields in
+ * SIGNER. */
memset (signer, 0, sizeof (*signer));
signer_alloced = 1;
}
@@ -956,10 +959,10 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
gcry_md_close (md);
leave:
- if (! rc && ret_pk && (signer_alloced == -1 || ret_pk != signer))
+ if (! rc && ret_pk && ret_pk != signer)
copy_public_key (ret_pk, signer);
- if (signer_alloced == 1)
+ if (signer_alloced)
{
/* We looked up SIGNER; it is not a pointer into KB. */
release_public_key_parts (signer);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list