diff options
| author | Jakub Jelen <[email protected]> | 2021-04-12 19:59:17 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2021-05-20 12:45:29 +0000 |
| commit | fc5fac83b778f0ff61608c286448ab7fa14ccb2d (patch) | |
| tree | eb0a9d64a542d7be3f166610f9a3ed1325900eff | |
| parent | g10: Avoid memory leaks (diff) | |
| download | gnupg-fc5fac83b778f0ff61608c286448ab7fa14ccb2d.tar.gz gnupg-fc5fac83b778f0ff61608c286448ab7fa14ccb2d.zip | |
kbx: Avoid uninitialized read
* kbx/kbx-client-util.c (datastream_thread): Initialize pointer
* kbx/keybox-dump.c (_keybox_dump_cut_records): free blob
* kbx/kbxserver.c (kbxd_start_command_handler): do not free passed ctrl
* kbx/keyboxd.c (check_own_socket): free sockname
--
Signed-off-by: Jakub Jelen <[email protected]>
GnuPG-bug-id: 5393
| -rw-r--r-- | kbx/kbx-client-util.c | 3 | ||||
| -rw-r--r-- | kbx/kbxserver.c | 1 | ||||
| -rw-r--r-- | kbx/keybox-dump.c | 4 | ||||
| -rw-r--r-- | kbx/keyboxd.c | 5 |
4 files changed, 9 insertions, 4 deletions
diff --git a/kbx/kbx-client-util.c b/kbx/kbx-client-util.c index bd71cf2ba..f9d06fab8 100644 --- a/kbx/kbx-client-util.c +++ b/kbx/kbx-client-util.c @@ -176,7 +176,8 @@ datastream_thread (void *arg) int rc; unsigned char lenbuf[4]; size_t nread, datalen; - char *data, *tmpdata; + char *data = NULL; + char *tmpdata; /* log_debug ("%s: started\n", __func__); */ while (kcd->fp) diff --git a/kbx/kbxserver.c b/kbx/kbxserver.c index 55b478586..0b76cde31 100644 --- a/kbx/kbxserver.c +++ b/kbx/kbxserver.c @@ -844,7 +844,6 @@ kbxd_start_command_handler (ctrl_t ctrl, gnupg_fd_t fd, unsigned int session_id) { log_error (_("can't allocate control structure: %s\n"), gpg_strerror (gpg_error_from_syserror ())); - xfree (ctrl); return; } ctrl->server_local->client_pid = ASSUAN_INVALID_PID; diff --git a/kbx/keybox-dump.c b/kbx/keybox-dump.c index 3e66b72a1..38608ceaa 100644 --- a/kbx/keybox-dump.c +++ b/kbx/keybox-dump.c @@ -881,7 +881,7 @@ _keybox_dump_cut_records (const char *filename, unsigned long from, unsigned long to, FILE *outfp) { estream_t fp; - KEYBOXBLOB blob; + KEYBOXBLOB blob = NULL; int rc; unsigned long recno = 0; @@ -902,6 +902,7 @@ _keybox_dump_cut_records (const char *filename, unsigned long from, } } _keybox_release_blob (blob); + blob = NULL; recno++; } if (rc == -1) @@ -909,6 +910,7 @@ _keybox_dump_cut_records (const char *filename, unsigned long from, if (rc) fprintf (stderr, "error reading '%s': %s\n", filename, gpg_strerror (rc)); leave: + _keybox_release_blob (blob); if (fp != es_stdin) es_fclose (fp); return rc; diff --git a/kbx/keyboxd.c b/kbx/keyboxd.c index 76a0694a4..3f759e6f7 100644 --- a/kbx/keyboxd.c +++ b/kbx/keyboxd.c @@ -1795,7 +1795,10 @@ check_own_socket (void) err = npth_attr_init (&tattr); if (err) - return; + { + xfree (sockname); + return; + } npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED); err = npth_create (&thread, &tattr, check_own_socket_thread, sockname); if (err) |