(SYSTEM: ArchLinux - current version, gpgme version 1.12.0)
Type: Memory Leak
Risk: low
Desc:
The function "gpgme_pubkey_algo_string()" calls strdup in the last two
cases and generates a new string. This string is never freed.
strdup() calls malloc internally. If the allocated memory is
not freed, gpgme will likely run out of memory.
FIX:
(line number 1001 and following) ... - xjson_AddStringToObject0 (result, "pubkey_algo_string", gpgme_pubkey_algo_string (sub)); ... + char * tmp = gpgme_pubkey_algo_string (sub); + xjson_AddStringToObject0 (result, "pubkey_algo_string", + tmp); + free(tmp); + tmp = NULL; ...
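Review bot: tmp is released with free(tmp) directly after xjson_AddStringToObject0 (result, "pubkey_algo_string", tmp), which is only safe if that helper copies the string instead of keeping the pointer; please confirm that, since otherwise the JSON object would be left holding freed memory. The GPGME manual names gpgme_free() as the call for releasing the string returned by gpgme_pubkey_algo_string(), so gpgme_free (tmp) fits better than plain free(). The function can also return NULL on error, and tmp is passed to the helper unchecked. The trailing tmp = NULL is harmless but only useful if tmp stays in scope for further code.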
Found with libFuzzer and ASAN by clang 7.0.1
Regards
Sirko Höer
Code Intelligence GmbH
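
A minimal model of the leak and the fix described in this report, added here as an example and not taken from gpgme or from the report. `algo_string`, `obj_set_string` and the allocation table are hypothetical stand-ins, and the setter is assumed to store its own copy of the string.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SLOTS 256
static void *live[SLOTS];            /* blocks handed out and not yet freed */
static char *tracked_strdup(const char *s) {
    char *p = s ? malloc(strlen(s) + 1) : NULL;
    for (int i = 0; p && i < SLOTS; i++)
        if (!live[i]) { live[i] = strcpy(p, s); return p; }
    free(p);                         /* NULL input, OOM, or table full */
    return NULL;
}
static void tracked_free(void *p) {
    for (int i = 0; p && i < SLOTS; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
}
/* Leak report: count blocks still outstanding, then release them. */
static int reclaim_leaks(void) {
    int n = 0;
    for (int i = 0; i < SLOTS; i++)
        if (live[i]) { free(live[i]); live[i] = NULL; n++; }
    return n;
}
/* Hypothetical producer: returns a heap string the caller must free. */
static char *algo_string(int bits) {
    char buf[32];
    snprintf(buf, sizeof buf, "rsa%d", bits);
    return tracked_strdup(buf);
}
/* Hypothetical JSON-style setter: stores its own copy of s. */
struct obj { char *value; };
static void obj_set_string(struct obj *o, const char *s) {
    tracked_free(o->value);
    o->value = tracked_strdup(s);
}
/* fixed == 0 models the reported call (temporary never freed);
   fixed == 1 models the patch (keep the pointer, use it, free it). */
static int leaked_after(int n, int fixed) {
    struct obj o = {0};
    for (int i = 0; i < n; i++) {
        char *tmp = algo_string(2048);
        obj_set_string(&o, tmp);
        if (fixed) tracked_free(tmp);
    }
    tracked_free(o.value);
    return reclaim_leaks();
}
int main(void) {
    printf("leaky: %d, fixed: %d\n", leaked_after(100, 0), leaked_after(100, 1));
    return 0;
}
```

The leaked count grows by one per call, which is why a long-running or fuzzed process that serializes many keys makes the leak visible.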