author | Werner Koch <wk@gnupg.org> | 2017-03-30 16:01:52 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2017-03-30 16:01:52 +0200 |
commit | 7bf24e8146116a30c4c9d7b6dbf8bbb27fc35971 (patch) | |
tree | e095f9d4803de715a40cff6f3dcecde1b9dc65bb /g10/parse-packet.c | |
parent | gpg: Fix export porting of zero length user ID packets. (diff) | |
gpg: Fix actual leak and possible leaks in the packet parser.
* g10/packet.h (struct parse_packet_ctx_s): Change LAST_PKT from a
pointer to its struct.
(init_parse_packet): Adjust for LAST_PKT not being a pointer.
* g10/parse-packet.c (parse): Ditto. Free the last packet before
storing a new one in case of a deep link.
(parse_ring_trust): Adjust for LAST_PKT not being a pointer.
* g10/free-packet.c (free_packet): Ditto.
* g10/t-keydb-get-keyblock.c (do_test): Release keyblock.
--
Fixes-commit: afa86809087909a8ba2f9356588bf90cc923529c
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'g10/parse-packet.c')
-rw-r--r-- | g10/parse-packet.c | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/g10/parse-packet.c b/g10/parse-packet.c index df04fbc8b..793e19827 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -833,14 +833,15 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, } /* Store a shallow copy of certain packets in the context. */ + free_packet (NULL, ctx); if (!rc && (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY || pkttype == PKT_USER_ID || pkttype == PKT_ATTRIBUTE || pkttype == PKT_SIGNATURE)) - ctx->last_pkt = pkt; - else - ctx->last_pkt = NULL; + { + ctx->last_pkt = *pkt; + } leave: /* FIXME: We leak in case of an error (see the xmalloc's above). */ @@ -2992,12 +2993,12 @@ parse_ring_trust (parse_packet_ctx_t ctx, unsigned long pktlen) /* Now transfer the data to the respective packet. Do not do this * if SKIP_META is set. */ - if (!ctx->last_pkt || ctx->skip_meta) + if (!ctx->last_pkt.pkt.generic || ctx->skip_meta) ; else if (rt.subtype == RING_TRUST_SIG - && ctx->last_pkt->pkttype == PKT_SIGNATURE) + && ctx->last_pkt.pkttype == PKT_SIGNATURE) { - PKT_signature *sig = ctx->last_pkt->pkt.signature; + PKT_signature *sig = ctx->last_pkt.pkt.signature; if ((rt.sigcache & 1)) { @@ -3006,10 +3007,10 @@ parse_ring_trust (parse_packet_ctx_t ctx, unsigned long pktlen) } } else if (rt.subtype == RING_TRUST_UID - && (ctx->last_pkt->pkttype == PKT_USER_ID - || ctx->last_pkt->pkttype == PKT_ATTRIBUTE)) + && (ctx->last_pkt.pkttype == PKT_USER_ID + || ctx->last_pkt.pkttype == PKT_ATTRIBUTE)) { - PKT_user_id *uid = ctx->last_pkt->pkt.user_id; + PKT_user_id *uid = ctx->last_pkt.pkt.user_id; uid->keysrc = rt.keysrc; uid->keyupdate = rt.keyupdate; 
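Review bot: In parse, dropping the `else ctx->last_pkt = NULL;` branch leaves the reset of the stored packet entirely to the new `free_packet (NULL, ctx);` call, and nothing visible here shows that call zeroing `ctx->last_pkt.pkt.generic`. If it does not, the `!ctx->last_pkt.pkt.generic` guard in parse_ring_trust (the hunks at -2992, -3006 and -3017) would pass on a stale entry after an error or a non-key packet and then write `keysrc`/`keyupdate` through a payload pointer the caller may already have freed. The same holds if any caller releases PKT without passing the context, since `ctx->last_pkt = *pkt;` copies only the struct and aliases the payload. free-packet.c is not shown on this page, so this needs confirming there; once confirmed I would record the contract above the call, e.g. `/* free_packet (NULL, ctx) releases a deep-linked LAST_PKT and clears it; the copy below aliases PKT's payload. */`. The bodies of parse and parse_ring_trust start and end outside these hunks.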
@@ -3017,10 +3018,10 @@ parse_ring_trust (parse_packet_ctx_t ctx, unsigned long pktlen) rt.url = NULL; } else if (rt.subtype == RING_TRUST_KEY - && (ctx->last_pkt->pkttype == PKT_PUBLIC_KEY - || ctx->last_pkt->pkttype == PKT_SECRET_KEY)) + && (ctx->last_pkt.pkttype == PKT_PUBLIC_KEY + || ctx->last_pkt.pkttype == PKT_SECRET_KEY)) { - PKT_public_key *pk = ctx->last_pkt->pkt.public_key; + PKT_public_key *pk = ctx->last_pkt.pkt.public_key; pk->keysrc = rt.keysrc; pk->keyupdate = rt.keyupdate; |