Found using OSS-Fuzz.
This bug probably came from commit ce2f71760155b71a71418fe145a557c99bd52290.
In file g10/pubkey-enc.c, function get_session_key, free_public_key is not called in every case, causing a memory leak.
The patch should be as simple as:
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 32b1ed08b..4119df717 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -92,6 +92,7 @@ get_session_key (ctrl_t ctrl, struct pubkey_enc_list *list, DEK *dek) if (rc) { rc = GPG_ERR_NO_SECKEY; + free_public_key (sk); break; }
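Review bot: the added free_public_key (sk) only covers the get_seckey failure path inside the loop; the hunk does not show where sk is allocated or the loop's other exit paths, so every other early exit from this loop (further breaks, continues, or gotos before sk is consumed or freed) should be checked for the same leak, otherwise the fuzz case may still report it on a different path. If a shared cleanup after the loop also frees sk, this change would turn the leak into a double free; setting sk = NULL right after the free, or routing the error through that common cleanup, avoids that. The fix is easy to confirm by re-running the reproducer below under ASan or valgrind.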
The bug can be reproduced by running:
gpg --decrypt clusterfuzz-testcase-minimized-fuzz_decrypt-5661255155580928.dms