
Memory leak in function buf_to_sig
Closed, Resolved | Public

Description

Found by oss-fuzz

Memory is allocated at
sig->hashed = xmalloc (sizeof (*sig->hashed) + n - 1);
in function parse_signature in file g10/parse-packet.c

Memory gets leaked at

if (parse_signature (iobuf, PKT_SIGNATURE, len, sig) != 0)
  {
    xfree (sig);
    sig = NULL;
  }

in function buf_to_sig

Patch could simply be

diff --git a/g10/getkey.c b/g10/getkey.c
index 445e8a6a1..d018be655 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3142,7 +3142,7 @@ buf_to_sig (const byte * buf, size_t len)
 
   if (parse_signature (iobuf, PKT_SIGNATURE, len, sig) != 0)
     {
-      xfree (sig);
+      free_seckey_enc (sig);
       sig = NULL;
     }
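
Review bot: In the error branch of buf_to_sig, free_seckey_enc (sig) is expected to release the members of sig as well as sig itself, so it is only safe if sig was zero-initialized before parse_signature ran and parse_signature leaves every pointer member either valid or NULL when it returns non-zero. The allocation of sig lies outside this hunk; please confirm it uses a clearing allocator. A short comment on the free_seckey_enc call would also help, noting that it releases the nested data attached by parse_signature (such as sig->hashed), because the function name does not suggest that it takes a signature. The hunk does not show iobuf being released on this path either, which is worth checking while here.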

Details

Version
commit 592deeddb9bf4ae9b3e236b439e2f39644eb6d46
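
The leak pattern described in the report, reduced to a self-contained C model that counts outstanding allocations on the parser's error path. This is an added example, not GnuPG code: `toy_sig`, `subpkt_area`, `toy_parse`, `toy_sig_free`, `xalloc`, `xrelease` and the truncated input are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins for illustration; not GnuPG's definitions. */
static int live_allocs;                 /* heap blocks currently outstanding */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (!p) abort(); live_allocs++; return p; }
static void xrelease(void *p) { if (p) { live_allocs--; free(p); } }

struct subpkt_area { size_t len; unsigned char data[1]; };
struct toy_sig { struct subpkt_area *hashed, *unhashed; };

/* Allocates sig->hashed first, then fails on truncated input (assumed failure mode). */
static int toy_parse(const unsigned char *buf, size_t len, struct toy_sig *sig)
{
    size_t n = len ? buf[0] : 0;        /* first byte: claimed area length */
    if (!n) return -1;
    sig->hashed = xalloc(sizeof(*sig->hashed) + n - 1);
    sig->hashed->len = n;
    if (len < 1 + n) return -1;         /* error after the nested allocation */
    memcpy(sig->hashed->data, buf + 1, n);
    return 0;
}

/* Deep free: release the nested areas before the struct itself. */
static void toy_sig_free(struct toy_sig *sig)
{
    if (!sig) return;
    xrelease(sig->hashed);
    xrelease(sig->unhashed);
    xrelease(sig);
}

/* Runs the error path and returns how many blocks it left allocated. */
static int leaked_after_error(int deep_free)
{
    static const unsigned char truncated[] = { 8, 0xAA, 0xBB }; /* constructed: claims 8 bytes, carries 2 */
    int before = live_allocs, leaked;
    struct toy_sig *sig = xalloc(sizeof *sig);
    struct subpkt_area *orphan = NULL;
    if (toy_parse(truncated, sizeof truncated, sig) != 0) {
        if (deep_free) toy_sig_free(sig);
        else { orphan = sig->hashed; xrelease(sig); }   /* shallow free, as before the patch */
        sig = NULL;
    }
    leaked = live_allocs - before;      /* 1 = nested block orphaned, 0 = clean */
    xrelease(orphan);                   /* demo-only cleanup of the orphaned block */
    toy_sig_free(sig);                  /* success path; sig is NULL after an error */
    return leaked;
}
int main(void) { printf("shallow=%d deep=%d\n", leaked_after_error(0), leaked_after_error(1)); return 0; }
```

The deep free is only safe because `xalloc` zero-fills the struct, so members the parser never reached are NULL.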