Page MenuHome GnuPG

Memory leak in get_session_key
Closed, ResolvedPublic


Found using oss-fuzz

This bug came probably from commit ce2f71760155b71a71418fe145a557c99bd52290

in file g10/pubkey-enc.c, function get_session_key, free_public_key is not called in every case, causing a memory leak

Patch should be so simple as

diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 32b1ed08b..4119df717 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -92,6 +92,7 @@ get_session_key (ctrl_t ctrl, struct pubkey_enc_list *list, DEK *dek)
       if (rc)
           rc = GPG_ERR_NO_SECKEY;
+          free_public_key (sk);

Bug can be reproduced running
gpg --decrypt clusterfuzz-testcase-minimized-fuzz_decrypt-5661255155580928.dms

Revisions and Commits