gpg: Fix a memory leak in batch key generation

* g10/keygen.c (append_to_parameter): New. (proc_parameter_file): Use new func to extend the parameter list. * g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of gcry_kdf_derive failed. * g10/keygen.c (proc_parameter_file): Print a diagnostic if passphrase_to_dek failed. -- Due to an improper way of using the linked list head, all memory for items allocated in proc_parameter_file was never released. If batched key generation with a passphrase and more than ~200 keys was used this exhausted the secure memory.
author: Werner Koch <wk@gnupg.org> 2013-02-21 20:35:10 +0100
committer: Werner Koch <wk@gnupg.org> 2013-02-21 20:35:10 +0100
commit: 273bb38cd7b517460cb3de67662e96e910104675 (patch)
tree: b69fb5465833f6acdf5b3f5cdeece2a14ac51c4b /g10/passphrase.c
parent: gpg: Handle the agent's NEW_PASSPHRASE inquiry. (diff)
download: gnupg2-273bb38cd7b517460cb3de67662e96e910104675.tar.xz
gnupg2-273bb38cd7b517460cb3de67662e96e910104675.zip
1 files changed, 11 insertions, 7 deletions
diff --git a/g10/passphrase.c b/g10/passphrase.c
index d872e36ae..f83e66825 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -569,17 +569,21 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
     dek->keylen = 0;
   else
     {
+      gpg_error_t err;
+
       dek->keylen = openpgp_cipher_get_algo_keylen (dek->algo);
       if (!(dek->keylen > 0 && dek->keylen <= DIM(dek->key)))
         BUG ();
-      if (gcry_kdf_derive (pw, strlen (pw),
-                           s2k->mode == 3? GCRY_KDF_ITERSALTED_S2K :
-                           s2k->mode == 1? GCRY_KDF_SALTED_S2K :
-                           /* */           GCRY_KDF_SIMPLE_S2K,
-                           s2k->hash_algo, s2k->salt, 8,
-                           S2K_DECODE_COUNT(s2k->count),
-                           dek->keylen, dek->key))
+      err = gcry_kdf_derive (pw, strlen (pw),
+                             s2k->mode == 3? GCRY_KDF_ITERSALTED_S2K :
+                             s2k->mode == 1? GCRY_KDF_SALTED_S2K :
+                             /* */           GCRY_KDF_SIMPLE_S2K,
+                             s2k->hash_algo, s2k->salt, 8,
+                             S2K_DECODE_COUNT(s2k->count),
+                             dek->keylen, dek->key);
+      if (err)
         {
+          log_error ("gcry_kdf_derive failed: %s", gpg_strerror (err));
           xfree (pw);
           xfree (dek);
 	  write_status( STATUS_MISSING_PASSPHRASE );
author	Werner Koch <wk@gnupg.org>	2013-02-21 20:35:10 +0100
committer	Werner Koch <wk@gnupg.org>	2013-02-21 20:35:10 +0100
commit	273bb38cd7b517460cb3de67662e96e910104675 (patch)
tree	b69fb5465833f6acdf5b3f5cdeece2a14ac51c4b /g10/passphrase.c
parent	gpg: Handle the agent's NEW_PASSPHRASE inquiry. (diff)
download	gnupg2-273bb38cd7b517460cb3de67662e96e910104675.tar.xz gnupg2-273bb38cd7b517460cb3de67662e96e910104675.zip