Page MenuHome GnuPG
Create Task
Maniphest T5825

[gpgme] [python] possible dangling reference to passphrase
Closed, ResolvedPublic
Actions

Description

When the current implementation does operations like decrypt and
encrypt with a passphrase provided as a function argument, it
temporarily changes the pinentry mode and sets up a passphrase
callback.

After finishing the operation, the pinentry mode is reset to the
previous state, but if there was no callback function previously, the
passphrase callback is not reset. This keeps a reference to the
passphrase function active, which in turn has a reference to the
passphrase itself. This may keep the passphrase in memory
unexpectedly.

Details

Version
1.17.0

Related Objects

Event Timeline

jap created this task.Feb 10 2022, 2:42 PM

0001-Drop-the-reference-to-passphrase-callback-when-no-lo.patch2 KBDownload

jap added projects: gpgme, patch.Feb 10 2022, 2:43 PM
jap changed Version from 0.17.0 to 1.17.0.
werner triaged this task as High priority.Feb 14 2022, 12:51 PM
gniibe claimed this task.Aug 5 2022, 4:09 AM
gniibe added a project: Restricted Project.
gniibe added a subscriber: gniibe.

Thank you for the patch. You are right.

More over, the old code was also wrong when there were cases when self.set_passphrase_cb called with hook != None (for now, we don't have the case, though).

Applied (with my writing the ChangeLog entry, changing the subject for the commit).

gniibe added a comment.Aug 5 2022, 7:59 AM

The commit is: rMb2f224a471fe: python: Reset passphrase callback correctly..

gniibe moved this task from Backlog to Python stuff on the gpgme board.Aug 5 2022, 8:10 AM
gniibe closed this task as Resolved.Aug 15 2022, 2:56 AM
gniibe removed a project: Restricted Project.

It's in 1.18.0.