
Memory leak in check_sig_and_print
Closed, Resolved. Public

Description

Found using oss-fuzz

rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);

allocates memory and stores it in pk

Then, in most cases, memory gets freed.
But in the last case before returning, it remains unfreed.

Patch would be like

diff --git a/g10/mainproc.c b/g10/mainproc.c
index 74c6e9ec3..6a0389de6 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -2287,10 +2287,11 @@ check_sig_and_print (CTX c, kbnode_t node)
        }
       if (gpg_err_code (rc) != GPG_ERR_NOT_PROCESSED)
         log_error (_("Can't check signature: %s\n"), gpg_strerror (rc));
+
+      free_public_key (pk);
+      pk = NULL;
     }

   return rc;
 }
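Review bot: the added `free_public_key (pk); pk = NULL;` sits inside the enclosing error branch (closed by the `}` context line), so it covers only the failure path this hunk shows; the context does not show that `pk` is initialised to NULL before `do_check_sig` is called, which is what makes `free_public_key (pk)` safe when `do_check_sig` fails before it allocates, so that is worth confirming at the declaration. The `pk = NULL;` immediately before `return rc;` is redundant but harmless.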

Bug can be reproduced with sample
gpg --verify leak-63d8afd9fd5b9125dc068a508933f8c73b508d56
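The following is an added example and not GnuPG code: it models the ownership contract the report describes (the callee allocates a key object and returns it through an out-parameter, so every return path of the caller must release it) with a toy `toy_check_sig` and `toy_free_public_key`, a leaky caller shaped like the code before the patch, and a fixed caller that frees on the error path as the patch does. A live-allocation counter makes the leak observable without a leak checker. All names, return codes and key ids here are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Counts key objects that have been allocated but not yet freed. */
static int live_allocations = 0;

typedef struct { char keyid[17]; } pubkey_t;

/* Constructed error codes standing in for the gpg_err_code values. */
#define ERR_BAD_SIGNATURE 1
#define ERR_NOT_PROCESSED 2

/* Hypothetical stand-in for do_check_sig: always allocates *pk, returns 0
 * for a valid signature and a nonzero code otherwise ('verdict' is the
 * constructed outcome the caller asks for). */
static int toy_check_sig (int verdict, pubkey_t **pk)
{
  *pk = calloc (1, sizeof **pk);
  if (!*pk)
    return -1;
  strcpy ((*pk)->keyid, "DEADBEEFCAFEF00D");   /* constructed sample key id */
  live_allocations++;
  return verdict;
}

/* Stand-in for free_public_key; NULL-safe like a typical free_xxx helper. */
static void toy_free_public_key (pubkey_t *pk)
{
  if (!pk)
    return;
  live_allocations--;
  free (pk);
}

/* Leaky caller: same shape as the code before the patch, the error branch
 * returns without releasing pk. */
static int caller_leaky (int verdict)
{
  pubkey_t *pk = NULL;
  int rc = toy_check_sig (verdict, &pk);
  if (!rc)
    {
      /* success path: use the key, then release it */
      toy_free_public_key (pk);
      pk = NULL;
    }
  else
    {
      if (rc != ERR_NOT_PROCESSED)
        fprintf (stderr, "Can't check signature: %d\n", rc);
      /* BUG: pk is still owned here and is never freed */
    }
  return rc;
}

/* Fixed caller: the error branch releases pk too, as the patch does. */
static int caller_fixed (int verdict)
{
  pubkey_t *pk = NULL;
  int rc = toy_check_sig (verdict, &pk);
  if (!rc)
    {
      toy_free_public_key (pk);
      pk = NULL;
    }
  else
    {
      if (rc != ERR_NOT_PROCESSED)
        fprintf (stderr, "Can't check signature: %d\n", rc);
      toy_free_public_key (pk);
      pk = NULL;
    }
  return rc;
}

/* Drives a caller through every outcome and returns how many key objects
 * are still live afterwards, i.e. how many leaked. */
static int leaked_after (int (*caller) (int))
{
  int verdicts[] = { 0, ERR_BAD_SIGNATURE, ERR_NOT_PROCESSED };
  size_t i;
  live_allocations = 0;
  for (i = 0; i < sizeof verdicts / sizeof verdicts[0]; i++)
    caller (verdicts[i]);
  return live_allocations;
}

int main (void)
{
  printf ("leaky caller leaks %d key object(s)\n", leaked_after (caller_leaky));
  printf ("fixed caller leaks %d key object(s)\n", leaked_after (caller_fixed));
  return 0;
}
```

The leaky caller loses one object per failing verification (both the bad-signature and the not-processed outcome), which is exactly the per-message leak a fuzzer would accumulate across many inputs; the fixed caller leaves nothing live.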


Event Timeline

Thanks again. Good catch.
In Japanese 39 sounds like "Thank You!", that's indeed appropriate to your report. :-)

gniibe changed the task status from Open to Testing. Apr 13 2018, 9:46 AM
gniibe claimed this task.
gniibe triaged this task as Normal priority.
gniibe added a project: gnupg (gpg22).

You are welcome :-) I did not know about that 39-Arigato