Page MenuHome GnuPG - static
Create Task
Maniphest T8240

Double free in gpgsm's decrypt function.
Closed, ResolvedPublic
Actions

Description

Summary of the original bug report:

A crafted CMS/S/MIME message triggers a heap double-free in gpgsm during
normal decryption (gpgsm --decrypt). The crash occurs in the recipient loop
in sm/decrypt.c and is reproducible on the current HEAD as well as on tag
gnupg-2.5.19.

Revisions and Commits

rG GnuPG
rG51aac7a5715d gpgsm: Fix possible double free in the CMS parser.
rG2ceca1f5f978 gpgsm: Fix possible double free in the CMS parser.
rE libgpg-error
rEf7ded3ce666c Fix possible stack overflow in es_printf for %.100f format.

Related Objects

Event Timeline

werner renamed this task from Doiuble free in gpgsm's decrypt function. to Double free in gpgsm's decrypt function..Sun, Apr 26, 6:29 PM
werner created this task.
werner created this object with edit policy "Contributor (Project)".
werner added projects: gnupg26, Bug Report.
werner added a commit: rG2ceca1f5f978: gpgsm: Fix possible double free in the CMS parser..Sun, Apr 26, 6:32 PM
werner changed the task status from Open to Testing.Sun, Apr 26, 6:40 PM
werner triaged this task as High priority.
werner moved this task from Backlog to WIP on the gnupg26 board.
werner added a project: gnupg22.
werner added a commit: rG51aac7a5715d: gpgsm: Fix possible double free in the CMS parser..Sun, Apr 26, 6:43 PM
werner moved this task from Backlog to WiP on the gnupg22 board.Sun, Apr 26, 6:44 PM
werner added a commit: rEf7ded3ce666c: Fix possible stack overflow in es_printf for %.100f format..Wed, Apr 29, 1:57 PM
werner mentioned this in T8239: Release GpgRT 1.61.Thu, May 7, 10:26 AM
werner mentioned this in T7997: Release GnuPG 2.5.20.Wed, May 13, 3:11 PM
werner closed this task as Resolved.Wed, May 13, 3:14 PM
werner claimed this task.
werner moved this task from WIP to Done on the gnupg26 board.