Maniphest T4209

Potential memory leak in _gcry_ecc_eddsa_verify
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	t8m
	Oct 23 2018, 2:14 PM

Tags

Subscribers

Description

In ecc-eddsa.c line 728 :
https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/ecc-eddsa.c;0f2c6ce2c9504c6df435463243edaa669e57b109$763

there is potential memory leak because h, s and ctx and points are allocated and not freed on error return if b!=256/8

Revisions and Commits

rC libgcrypt
	rC347987d4cf29 ecc: Fix possible memory leakage in parameter check of eddsa.
	rC149ceb3cae03 ecc: Fix possible memory leakage in parameter check of eddsa.

Related Objects

Mentioned In: T4294: Release Libgcrypt 1.9.0
T4234: Libgcrypt 1.8.4 release info

Event Timeline

t8m created this task.Oct 23 2018, 2:14 PM

t8m created this object in space S1 Public.

t8m added a project: libgcrypt.Oct 23 2018, 2:27 PM

• werner added a commit: rC149ceb3cae03: ecc: Fix possible memory leakage in parameter check of eddsa..Oct 24 2018, 10:03 AM

Thanks. Not a real world problem now but needs to be fixed.

• werner mentioned this in T4234: Libgcrypt 1.8.4 release info.Oct 26 2018, 8:01 PM

• werner mentioned this in T4294: Release Libgcrypt 1.9.0.Jan 19 2021, 10:17 AM

• werner added a commit: rC347987d4cf29: ecc: Fix possible memory leakage in parameter check of eddsa..Jun 3 2021, 7:08 PM