From 70b871abbc4ec0968152968c10269cee72286df3 Mon Sep 17 00:00:00 2001
From: Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
Date: Wed, 20 Apr 2011 11:33:09 +0200
Subject: Fix gpg-agent secure memory leak in OpenPGP private key import.

2011-04-20  Marcus Brinkmann  <mb@g10code.com>

        * command.c (cmd_import_key): Release key from failed import
        before converting openpgp private key in the openpgp-private-key
        case.
---
 agent/ChangeLog | 6 ++++++
 agent/command.c | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/agent/ChangeLog b/agent/ChangeLog
index e8570f7a4..e342b571f 100644
--- a/agent/ChangeLog
+++ b/agent/ChangeLog
@@ -1,3 +1,9 @@
+2011-04-20  Marcus Brinkmann  <mb@g10code.com>
+
+	* command.c (cmd_import_key): Release key from failed import
+        before converting openpgp private key in the openpgp-private-key
+        case.
+
 2011-04-17  Ben Kibbey <bjk@luxsci.net>
 
 	* command.c (cmd_passwd): Check for an error before presetting.
diff --git a/agent/command.c b/agent/command.c
index 9f45afbb0..34617ade7 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -1827,6 +1827,8 @@ cmd_import_key (assuan_context_t ctx, char *line)
          used to protect the key using the same code as for regular
          key import. */
 
+      xfree (key);
+      key = NULL;
       err = convert_from_openpgp (ctrl, openpgp_sexp, grip,
                                   ctrl->server_local->keydesc, cache_nonce,
                                   &key, &passphrase);
-- 
cgit v1.2.3