Page MenuHome GnuPG

libgcrypt coverity static analysis reports
Closed, ResolvedPublic


the coverity scan reported couple of issues in libgcrypt. Ignoring the tests memory leaks and false positives, one looks like a real issue:

Error: RESOURCE_LEAK (CWE-772): [#def8]
libgcrypt-1.9.1/cipher/ecc-eddsa.c:997: alloc_fn: Storage is returned from allocation function "_gcry_mpi_new".
libgcrypt-1.9.1/cipher/ecc-eddsa.c:997: var_assign: Assigning: "s" = storage returned from "_gcry_mpi_new(0U)".
libgcrypt-1.9.1/cipher/ecc-eddsa.c:1006: leaked_storage: Variable "s" going out of scope leaks the storage it points to.
# 1004|       b++;
# 1005|     else
# 1006|->     return GPG_ERR_NOT_IMPLEMENTED;
# 1007|   
# 1008|     /* Encode and check the public key.  */

The patch to address this issue is attached:

Revisions and Commits

Related Objects

Event Timeline

werner added a subscriber: werner.

Yes, will be fixed but it has no severity because the fault is actually by the caller.

gniibe claimed this task.
gniibe added a subscriber: gniibe.

Thank you.
We also need to release memory for points.

And... reviewing this patch, I found another (real) leak.

Applied and pushed in rCa8d6c6c1b258: cipher: Fix memory leaks for EdDSA..