Page MenuHome GnuPG

not all calloc performed in libgcrypt covered by gcry_set_allocation_handler
Closed, ResolvedPublic

Description

libgcrypt allows to provide our own malloc implementation. This malloc is then used to provide an internal gcry_xcalloc

However I have identified one direct call of calloc instead of gcry_xcalloc
random-drbg.c -> drbg_sym_init

Details

Version
1.8.2

Event Timeline

werner triaged this task as Low priority.
werner added a subscriber: werner.

Thanks. Indeed this should also use the x... wrappers. It is not severe because this value is only used as a fixed constant.
Thus we won't fix it in 1.8 but should do this 1.9.

I am currently considering improvement of finalizer of libgcrypt, so, this matters.
Looking code, it would be better not to allocate and free the constant,
but use compile time constant data in .text section; Something like: const unsigned char ctr_null[DBRG_CTR_NULL_LEN].