Memory leak in read_block
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	catenacyber
	Apr 23 2018, 4:28 PM

Description

Found using oss-fuzz

in file g10/import.c, function read_block, compress filter is allocated even when it is not pushed.
same as https://dev.gnupg.org/T3898

Patch should be so simple as

diff --git a/g10/import.c b/g10/import.c
index 09ce7edfa..eb0445ea5 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -852,7 +852,7 @@ read_block( IOBUF a, int with_meta,
                rc = GPG_ERR_COMPR_ALGO;
                goto ready;{F294155}
              }
-           else
+           else if (pkt->pkt.compressed->algorithm)
              {
                compress_filter_context_t *cfx = xmalloc_clear( sizeof *cfx );
                pkt->pkt.compressed->buf = NULL;

Bug can be reproduced running
gpg --import leak-86e4fce3a0271254786e43e281e3ea52da5a9b7c

leak-86e4fce3a0271254786e43e281e3ea52da5a9b7c4 BDownload

Revisions and Commits

rG GnuPG
	rGd26363e4f193 gpg: Fix minor memory leak in the compress filter.

Event Timeline

catenacyber created this task.Apr 23 2018, 4:28 PM

• werner triaged this task as Normal priority.Apr 26 2018, 11:18 AM

• werner added a project: gnupg (gpg22).

• werner added a commit: rGd26363e4f193: gpg: Fix minor memory leak in the compress filter..May 2 2018, 8:29 PM

Thanks.

Memory leak in read_blockClosed, ResolvedPublicActions

Description

Revisions and Commits

Event Timeline

Memory leak in read_block
Closed, ResolvedPublic
Actions