Memory leak in check_sig_and_print
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	catenacyber
	Apr 13 2018, 8:35 AM

Description

Found using oss-fuzz

rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);

allocates memory and stores it in pk

Then, in most cases, memory gets freed.
But in the last case before returning, it remains unfreed.

Patch would be like

diff --git a/g10/mainproc.c b/g10/mainproc.c
index 74c6e9ec3..6a0389de6 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -2287,10 +2287,11 @@ check_sig_and_print (CTX c, kbnode_t node)
        }
       if (gpg_err_code (rc) != GPG_ERR_NOT_PROCESSED)
         log_error (_("Can't check signature: %s\n"), gpg_strerror (rc));
+
+      free_public_key (pk);
+      pk = NULL;
     }

   return rc;
 }

Bug can be reproduced with sample
gpg --verify leak-63d8afd9fd5b9125dc068a508933f8c73b508d56

leak-63d8afd9fd5b9125dc068a508933f8c73b508d561 KBDownload

Revisions and Commits

rG GnuPG
	rGf747b8f07343 g10: Fix memory leak in check_sig_and_print.

Event Timeline

catenacyber created this task.Apr 13 2018, 8:35 AM

• gniibe added a commit: rGf747b8f07343: g10: Fix memory leak in check_sig_and_print..Apr 13 2018, 9:45 AM

Thanks again. Good catch.
In Japanese 39 sounds like "Thank You!", that's indeed appropriate to your report. :-)

• gniibe changed the task status from Open to Testing.Apr 13 2018, 9:46 AM

• gniibe claimed this task.

• gniibe triaged this task as Normal priority.

• gniibe added a project: gnupg (gpg22).

You are welcome :-) I did not know about that 39-Arigato

• gniibe closed this task as Resolved.Jul 3 2018, 2:14 AM

Memory leak in check_sig_and_printClosed, ResolvedPublicActions

Description

Revisions and Commits

Event Timeline

Memory leak in check_sig_and_print
Closed, ResolvedPublic
Actions