diff options
| author | Jakub Jelen <jjelen@redhat.com> | 2021-04-12 14:05:17 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2021-05-20 13:51:47 +0200 |
| commit | e6132bc9f41727ea1abe2d6298610223c11639a2 (patch) | |
| tree | 6d76b81dc687c9dd7627e5495dd1cf815ad3be09 /sm | |
| parent | g10: Fix memory leaks (diff) | |
| download | gnupg2-e6132bc9f41727ea1abe2d6298610223c11639a2.tar.xz gnupg2-e6132bc9f41727ea1abe2d6298610223c11639a2.zip | |
sm: Avoid memory leaks and double double-free
* sm/certcheck.c (extract_pss_params): Avoid double free
* sm/decrypt.c (gpgsm_decrypt): goto leave instead of return
* sm/encrypt.c (encrypt_dek): release s_pkey
* sm/server.c (cmd_export): free list
(do_listkeys): free lists
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393
Diffstat (limited to 'sm')
| -rw-r--r-- | sm/certcheck.c | 1 | ||||
| -rw-r--r-- | sm/decrypt.c | 5 | ||||
| -rw-r--r-- | sm/encrypt.c | 1 | ||||
| -rw-r--r-- | sm/server.c | 26 |
4 files changed, 26 insertions, 7 deletions
diff --git a/sm/certcheck.c b/sm/certcheck.c index fca45759b..f4db858c3 100644 --- a/sm/certcheck.c +++ b/sm/certcheck.c @@ -294,7 +294,6 @@ extract_pss_params (gcry_sexp_t s_sig, int *r_algo, unsigned int *r_saltlen) if (*r_saltlen < 20) { log_error ("length of PSS salt too short\n"); - gcry_sexp_release (s_sig); return gpg_error (GPG_ERR_DIGEST_ALGO); } if (!*r_algo) diff --git a/sm/decrypt.c b/sm/decrypt.c index d720913dc..c5f073190 100644 --- a/sm/decrypt.c +++ b/sm/decrypt.c @@ -1148,7 +1148,10 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp) dfparm.mode = mode; dfparm.blklen = gcry_cipher_get_algo_blklen (algo); if (dfparm.blklen > sizeof (dfparm.helpblock)) - return gpg_error (GPG_ERR_BUG); + { + rc = gpg_error (GPG_ERR_BUG); + goto leave; + } rc = ksba_cms_get_content_enc_iv (cms, dfparm.iv, diff --git a/sm/encrypt.c b/sm/encrypt.c index 92ca341f5..ba2428e9a 100644 --- a/sm/encrypt.c +++ b/sm/encrypt.c @@ -473,6 +473,7 @@ encrypt_dek (const DEK dek, ksba_cert_t cert, int pk_algo, rc = encode_session_key (dek, &s_data); if (rc) { + gcry_sexp_release (s_pkey); log_error ("encode_session_key failed: %s\n", gpg_strerror (rc)); return rc; } diff --git a/sm/server.c b/sm/server.c index 874f0db89..2a6d7c381 100644 --- a/sm/server.c +++ b/sm/server.c @@ -724,8 +724,13 @@ cmd_export (assuan_context_t ctx, char *line) if (opt_secret) { - if (!list || !*list->d) + if (!list) return set_error (GPG_ERR_NO_DATA, "No key given"); + if (!*list->d) + { + free_strlist (list); + return set_error (GPG_ERR_NO_DATA, "No key given"); + } if (list->next) return set_error (GPG_ERR_TOO_MANY, "Only one key allowed"); } @@ -1014,17 +1019,27 @@ do_listkeys (assuan_context_t ctx, char *line, int mode) int outfd = translate_sys2libc_fd (assuan_get_output_fd (ctx), 1); if ( outfd == -1 ) - return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL); + { + free_strlist (list); + return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL); + } fp = es_fdopen_nc (outfd, "w"); if (!fp) - return set_error (gpg_err_code_from_syserror (), "es_fdopen() failed"); + { + free_strlist (list); + return set_error (gpg_err_code_from_syserror (), + "es_fdopen() failed"); + } } else { fp = es_fopencookie (ctx, "w", data_line_cookie_functions); if (!fp) - return set_error (GPG_ERR_ASS_GENERAL, - "error setting up a data stream"); + { + free_strlist (list); + return set_error (GPG_ERR_ASS_GENERAL, + "error setting up a data stream"); + } } ctrl->with_colons = 1; @@ -1034,6 +1049,7 @@ do_listkeys (assuan_context_t ctx, char *line, int mode) if (ctrl->server_local->list_external) listmode |= (1<<7); err = gpgsm_list_keys (assuan_get_pointer (ctx), list, fp, listmode); + free_strlist (list); es_fclose (fp); if (ctrl->server_local->list_to_output) |