diff options
| author | Jakub Jelen <jjelen@redhat.com> | 2021-05-20 10:13:51 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2021-05-20 13:38:24 +0200 |
| commit | 0d2c1e9046faf102809bc65329c22b6cf8d62ea0 (patch) | |
| tree | 77d96006e7abde0a7e987fa858b96e25b19e53bf /dirmngr | |
| parent | agent: Avoid memory leaks in error code paths. (diff) | |
| download | gnupg2-0d2c1e9046faf102809bc65329c22b6cf8d62ea0.tar.xz gnupg2-0d2c1e9046faf102809bc65329c22b6cf8d62ea0.zip | |
dirmgr: clean up memory on error code paths
* dirmgr/crlcache.c (finish_sig_check): goto leave instead of return
* dirmgr/http.c (send_request): free authstr and proxy_authstr
* dirmgr/ldap.c (start_cert_fetch_ldap): free proxy
* dirmgr/ocsp.c (check_signature): release s_hash
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393
Diffstat (limited to 'dirmngr')
| -rw-r--r-- | dirmngr/crlcache.c | 9 | ||||
| -rw-r--r-- | dirmngr/http.c | 6 | ||||
| -rw-r--r-- | dirmngr/ldap.c | 6 | ||||
| -rw-r--r-- | dirmngr/ocsp.c | 1 |
4 files changed, 16 insertions, 6 deletions
diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c index 9d18b721f..d508e173f 100644 --- a/dirmngr/crlcache.c +++ b/dirmngr/crlcache.c @@ -1725,7 +1725,8 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo, { log_error ("hash algo mismatch: %d announced but %d used\n", algo, hashalgo); - return gpg_error (GPG_ERR_INV_CRL); + err = gpg_error (GPG_ERR_INV_CRL); + goto leave; } /* Add some restrictions; see ../sm/certcheck.c for details. */ switch (algo) @@ -1741,14 +1742,16 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo, default: log_error ("PSS hash algorithm '%s' rejected\n", gcry_md_algo_name (algo)); - return gpg_error (GPG_ERR_DIGEST_ALGO); + err = gpg_error (GPG_ERR_DIGEST_ALGO); + goto leave; } if (gcry_md_get_algo_dlen (algo) != saltlen) { log_error ("PSS hash algorithm '%s' rejected due to salt length %u\n", gcry_md_algo_name (algo), saltlen); - return gpg_error (GPG_ERR_DIGEST_ALGO); + err = gpg_error (GPG_ERR_DIGEST_ALGO); + goto leave; } } diff --git a/dirmngr/http.c b/dirmngr/http.c index f7f65303b..74ce5f465 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -2208,7 +2208,11 @@ send_request (ctrl_t ctrl, http_t hd, const char *httphost, const char *auth, p = build_rel_path (hd->uri); if (!p) - return gpg_err_make (default_errsource, gpg_err_code_from_syserror ()); + { + xfree (authstr); + xfree (proxy_authstr); + return gpg_err_make (default_errsource, gpg_err_code_from_syserror ()); + } if (http_proxy && *http_proxy) { diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c index ffe54bade..96abc89d0 100644 --- a/dirmngr/ldap.c +++ b/dirmngr/ldap.c @@ -563,8 +563,10 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *r_context, use_ldaps = server->use_ldaps; } else /* Use a default server. */ - return gpg_error (GPG_ERR_NOT_IMPLEMENTED); - + { + xfree (proxy); + return gpg_error (GPG_ERR_NOT_IMPLEMENTED); + } if (!base) base = ""; diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c index 6ed180955..6864f9854 100644 --- a/dirmngr/ocsp.c +++ b/dirmngr/ocsp.c @@ -534,6 +534,7 @@ check_signature (ctrl_t ctrl, err = ksba_ocsp_get_responder_id (ocsp, &name, &keyid); if (err) { + gcry_sexp_release (s_hash); log_error (_("error getting responder ID: %s\n"), gcry_strerror (err)); return err; |