Resource leak in file "cipher/pubkey.c" in function "gcry_pk_encrypt" at line 2876 and "gcry_pk_genkey" at line 3623
Closed, Resolved | Public

Details

Version
1.5.4
sacrishi set Version to 1.5.4.
sacrishi added subscribers: aheinecke, werner.

File: cipher/pubkey.c

Bug No. : 1


Function: gcry_pk_encrypt
Line of error: 2879

Resource leak occurs as variable "data" with assigned memory is not freed
before going out of scope, which causes a memory leak.

Libgcrypt version 1.5.4 code:

  rc = sexp_data_to_mpi (s_data, &data, &ctx);
  if (rc)
    goto leave;

-> Here, when the code flow jumps to leave, "data" goes out of scope; despite
being allocated memory, it is not freed before going out of scope.

Recommended Code:

  rc = sexp_data_to_mpi (s_data, &data, &ctx);
  if (rc)
    {
      mpi_free (data);
      data = NULL;
      goto leave;
    }

Here it is ensured that "data" is freed, preventing any chance of a leak.

Bug No. : 2


Function: gcry_pk_genkey
Line of error: 3623

Resource leak occurs as variable "string" with assigned memory is not freed
before going out of scope, which causes a memory leak.

Libgcrypt version 1.5.4 code:

  if (!arg_list)
    {
      rc = gpg_err_code_from_syserror ();
      goto leave;
    }

-> Here, when the code flow jumps to leave, "string" goes out of scope; despite
being allocated memory, it is not freed before going out of scope.

Recommended Code:

  if (!arg_list)
    {
      rc = gpg_err_code_from_syserror ();
      gcry_free (string);
      goto leave;
    }

I am attaching a patch for the above raised bugs.

sacrishi renamed this task from Resource leak in file "cipher/pubkey.c" in function "gcry_pk_genkey" at line 3623 to Resource leak in file "cipher/pubkey.c" in function "gcry_pk_encrypt" at line 2876 and "gcry_pk_genkey" at line 3623. Aug 27 2014, 10:53 AM
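
The error-path pattern the report describes, as an added example that is not libgcrypt code and not part of the original report: a function with a single `leave` label is run with each allocation forced to fail in turn, comparing a version that frees "string" only on the success path with one that frees it at the label. The names `x_malloc`, `x_free`, `build_args`, `leaked_after` and `free_at_leave` are hypothetical, and the allocation-counting harness is constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed harness: counts live allocations and fails the Nth one. */
static int live_allocs, alloc_count, fail_at;
static void *x_malloc (size_t n)
{
  void *p = (++alloc_count == fail_at) ? NULL : malloc (n);
  live_allocs += (p != NULL);
  return p;
}
static void x_free (void *p) { live_allocs -= (p != NULL); free (p); }

/* Hypothetical function shaped like the reported code.  With
   free_at_leave == 0, "string" is released on the success path only. */
static int build_args (const char *name, int free_at_leave)
{
  int rc = 0;
  char *string = NULL, **arg_list = NULL;
  string = x_malloc (strlen (name) + 1);
  if (!string) { rc = -1; goto leave; }
  strcpy (string, name);
  arg_list = x_malloc (2 * sizeof *arg_list);
  if (!arg_list) { rc = -1; goto leave; }  /* "string" is live on this jump */
  arg_list[0] = string; arg_list[1] = NULL;
  if (!free_at_leave) { x_free (string); string = NULL; }

 leave:
  x_free (arg_list);
  if (free_at_leave) x_free (string);  /* NULL-safe: shared by every exit */
  return rc;
}

/* Fail the Nth allocation (0 = none); return blocks still allocated. */
static int leaked_after (int fail_nth, int free_at_leave)
{
  live_allocs = alloc_count = 0; fail_at = fail_nth;
  build_args ("rsa", free_at_leave);
  return live_allocs;
}

int main (void)
{
  for (int n = 0; n <= 2; n++)
    printf ("fail_at=%d  success-path free leaks %d, free at leave leaks %d\n",
            n, leaked_after (n, 0), leaked_after (n, 1));
  return 0;
}
```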

Reminder for bug review.

Such leaks won't be fixed in an old branch. Please report only for stable and
master. Is there a reason why you always include aheinecke in the nosy list?
And please do not assign a bug to a specific person - keep it unspecified.

werner removed werner as the assignee of this task. Aug 29 2014, 11:41 AM

I include both of you as I noticed that you both are active code checkers in
Gcrypt, that's the only reason. Anyway, thanks for the lookup.

werner added a comment. Jan 5 2015, 7:05 PM

The file has been completely rewritten for 1.6 and thus there is nothing to fix
for the current version. Thanks anyway for this report.

werner closed this task as Resolved. Jan 5 2015, 7:05 PM
werner claimed this task.
werner added a project: Won't Fix.