
[gpgme] [python] possible dangling reference to passphrase
Closed, Resolved (Public)


When the current implementation does operations like decrypt and
encrypt with a passphrase provided as a function argument, it
temporarily changes the pinentry mode and sets up a passphrase

After finishing the operation, the pinentry mode is reset to the
previous state, but if there was no callback function previously, the
passphrase callback is not reset. This keeps a reference to the
passphrase function active, which in turn has a reference to the
passphrase itself. This may keep the passphrase in memory



Event Timeline

jap changed Version from 0.17.0 to 1.17.0.
werner triaged this task as High priority. Feb 14 2022, 12:51 PM
gniibe added a project: Restricted Project.
gniibe added a subscriber: gniibe.

Thank you for the patch. You are right.

Moreover, the old code was also wrong in cases where self.set_passphrase_cb is called with hook != None (for now, we don't have such a case, though).

Applied (with my writing the ChangeLog entry, changing the subject for the commit).

gniibe removed a project: Restricted Project.

It's in 1.18.0.
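
The reference chain described in the report can be reproduced with a small model. This is an added example, not code from the gpgme bindings or from the applied patch: `ToyContext`, `Secret`, `decrypt_leaky`, `decrypt_fixed` and `passphrase_survives` are hypothetical names, and the passphrase value is constructed.

```python
import gc
import weakref

class Secret:
    """Constructed stand-in for a passphrase (plain object, so it can be weak-referenced)."""
    def __init__(self, value):
        self.value = value

class ToyContext:
    """Hypothetical model of a context object; not the gpgme bindings' own class."""
    def __init__(self):
        self.pinentry_mode = "default"
        self._passphrase_cb = None            # (func, hook) or None

    def set_passphrase_cb(self, func, hook=None):
        self._passphrase_cb = None if func is None else (func, hook)

    def _run(self, passphrase, reset_when_no_previous_cb):
        old_mode, old_cb = self.pinentry_mode, self._passphrase_cb
        self.pinentry_mode = "loopback"
        # The temporary callback closes over the passphrase argument.
        self.set_passphrase_cb(lambda hint, desc, prev_bad, hook=None: passphrase)
        try:
            func, hook = self._passphrase_cb
            return len(func(None, None, False, hook).value)  # stands in for the crypto operation
        finally:
            self.pinentry_mode = old_mode
            if old_cb is not None:
                self.set_passphrase_cb(*old_cb)              # restore function and hook
            elif reset_when_no_previous_cb:
                self.set_passphrase_cb(None)                 # drop the closure

    def decrypt_leaky(self, passphrase):
        return self._run(passphrase, reset_when_no_previous_cb=False)

    def decrypt_fixed(self, passphrase):
        return self._run(passphrase, reset_when_no_previous_cb=True)

def passphrase_survives(method_name):
    """Return (passphrase object still reachable?, pinentry mode after the call)."""
    ctx = ToyContext()
    secret = Secret(b"constructed-passphrase")
    probe = weakref.ref(secret)
    getattr(ctx, method_name)(secret)
    del secret
    gc.collect()
    return probe() is not None, ctx.pinentry_mode

if __name__ == "__main__":
    for name in ("decrypt_leaky", "decrypt_fixed"):
        print(name, passphrase_survives(name))
```

In both variants the pinentry mode returns to its previous value, so the leftover callback is only visible by checking object reachability, as the weak reference does here.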