Diffusion GnuPG 51aac7a5715d

gpgsm: Fix possible double free in the CMS parser.

Description

gpgsm: Fix possible double free in the CMS parser.

* sm/decrypt.c (gpgsm_decrypt): Init issuer and serial in the recp
  loop to avoid a double free in case of an error from
  ksba_cms_get_issuer_serial.  Also clear enc_val to be safe for future
  code modifications.
* sm/verify.c (gpgsm_verify): Init serial.  Not really needed, though.

A common pattern in GnuPG and related software for functions returning
allocated objects is to always init them in the called function to
NULL. Unfortunately this is not always the case in libksba and it
should have been done by the caller. Changing this in libksba would be
possible but has a minor regression risk. The allocation is done by
libksba and not user-controlled; thus the severity is low.

  • Reported-by: Ciwan Öztopal
  • GnuPG-bug-id: T8240

Details

Provenance
werner
Authored on Sun, Apr 26, 6:31 PM
Parents
rG38748456f905: Post release updates
Branches
Unknown
Tags
Unknown
References
STABLE-BRANCH-2-2
Tasks
T8240: Double free in gpgsm's decrypt function.
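
The caller-side pattern the commit message describes, as an added example that is not code from gpgsm or libksba: a getter that leaves its output pointers unwritten on error, called in a loop whose cleanup runs on every pass. The names `get_issuer_serial`, `tracked_free` and `process_recipients`, the loop shape and the sample data are assumptions made for illustration; released pointers are held in a quarantine and a repeated release is counted rather than performed, so the run is safe.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static void *quarantine[32];          /* released pointers, really freed later */
static int n_quarantined, double_frees;

/* Records a release; a second release of the same pointer is counted, not done. */
static void tracked_free(void *p)
{
    if (!p) return;
    for (int i = 0; i < n_quarantined; i++)
        if (quarantine[i] == p) { double_frees++; return; }
    quarantine[n_quarantined++] = p;
}

static char *dup_str(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}

/* Hypothetical getter: on error it returns without writing its outputs. */
static int get_issuer_serial(int idx, char **r_issuer, char **r_serial)
{
    if (idx == 1) return -1;          /* constructed failure on recipient 1 */
    *r_issuer = dup_str("CN=Example CA");   /* constructed sample values */
    *r_serial = dup_str("01");
    return 0;
}

/* Walks n recipients (n <= 16); returns how many double frees occurred. */
static int process_recipients(int n, int reinit)
{
    char *issuer = NULL, *serial = NULL;
    n_quarantined = double_frees = 0;
    for (int i = 0; i < n; i++) {
        if (reinit) issuer = serial = NULL;   /* reset at top of each pass */
        if (get_issuer_serial(i, &issuer, &serial))
            fprintf(stderr, "recipient %d: lookup failed\n", i);
        tracked_free(issuer);                 /* cleanup runs on every path */
        tracked_free(serial);
    }
    for (int i = 0; i < n_quarantined; i++) free(quarantine[i]);
    return double_frees;
}

int main(void)
{
    printf("without per-iteration init: %d double frees\n", process_recipients(3, 0));
    printf("with per-iteration init:    %d double frees\n", process_recipients(3, 1));
    return 0;
}
```

Without the per-iteration reset, the failing pass releases the two pointers left over from the previous pass; with it, the failing pass sees NULL and releases nothing.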