From b677e2ec989c4e1d31efba074419c94f8c7c942f Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Thu, 20 May 2021 14:51:42 +0200
Subject: Assorted memory leak fixes on the error code paths.
-- These are taken from these commits: 98c52ae * card: Intialize pointer to avoid double free fc5fac8 * kbx: Avoid uninitialized read fa0771f * g10: Avoid memory leaks 25aa353 * dirmgr: Avoid double free 33a2362 * agent: Fix memory leaks e6132bc * sm: Avoid memory leaks and double double-free 2af7bb2 * g10: Fix memory leaks 0d2c1e9 * dirmgr: clean up memory on error code paths
GnuPG-bug-id: 5393
Signed-off-by: Werner Koch
---
 agent/genkey.c | 2 +-
 scd/app-nks.c | 2 +-
 sm/certcheck.c | 1 -
 sm/encrypt.c | 1 +
 sm/server.c | 25 ++++++++++++++++++++-----
 5 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/agent/genkey.c b/agent/genkey.c
index 5c6ae9355..78b5bd5ea 100644
--- a/agent/genkey.c
+++ b/agent/genkey.c
@@ -381,7 +381,7 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
 if (!pi2)
 {
 err = gpg_error_from_syserror ();
- xfree (pi2);
+ xfree (pi);
 return err;
 }
 pi->max_length = MAX_PASSPHRASE_LEN + 1;
diff --git a/scd/app-nks.c b/scd/app-nks.c
index d7a4dbd36..1f5932183 100644
--- a/scd/app-nks.c
+++ b/scd/app-nks.c
@@ -206,7 +206,7 @@ keygripstr_from_pk_file (app_t app, int fid, char *r_gripstr)
 newlen = 1 + buflen[i] - offset[i];
 newbuf = xtrymalloc (newlen);
- if (!newlen)
+ if (!newbuf)
 {
 xfree (buffer[0]);
 xfree (buffer[1]);
diff --git a/sm/certcheck.c b/sm/certcheck.c
index 12b3ec927..d6b967c8a 100644
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@@ -293,7 +293,6 @@ extract_pss_params (gcry_sexp_t s_sig, int *r_algo, unsigned int *r_saltlen)
 if (*r_saltlen < 20)
 {
 log_error ("length of PSS salt too short\n");
- gcry_sexp_release (s_sig);
 return gpg_error (GPG_ERR_DIGEST_ALGO);
 }
 if (!*r_algo)
diff --git a/sm/encrypt.c b/sm/encrypt.c
index 331bfa8ba..37cfe9263 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
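Review bot: In the scd/app-nks.c hunk, the size computed on the context line `newlen = 1 + buflen[i] - offset[i];` has no bound visible before it is passed to `xtrymalloc`. If the code above the hunk does not already ensure `offset[i] <= buflen[i]`, a guard of that form ahead of the allocation would keep a malformed key file (presumably read from the card) from yielding a zero or wrapped length. The types of buflen and offset and the rest of keygripstr_from_pk_file are outside the hunk, so this is a point to confirm rather than an established defect.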
@@ -203,6 +203,7 @@ encrypt_dek (const DEK dek, ksba_cert_t cert, unsigned char **encval)
 rc = encode_session_key (dek, &s_data);
 if (rc)
 {
+ gcry_sexp_release (s_pkey);
 log_error ("encode_session_key failed: %s\n", gpg_strerror (rc));
 return rc;
 }
diff --git a/sm/server.c b/sm/server.c
index 77ec07fc0..5341d315a 100644
--- a/sm/server.c
+++ b/sm/server.c
@@ -724,8 +724,13 @@ cmd_export (assuan_context_t ctx, char *line)
 if (opt_secret)
 {
- if (!list || !*list->d)
+ if (!list)
 return set_error (GPG_ERR_NO_DATA, "No key given");
+ if (!*list->d)
+ {
+ free_strlist (list);
+ return set_error (GPG_ERR_NO_DATA, "No key given");
+ }
 if (list->next)
 return set_error (GPG_ERR_TOO_MANY, "Only one key allowed");
 }
@@ -948,17 +953,27 @@ do_listkeys (assuan_context_t ctx, char *line, int mode)
 int outfd = translate_sys2libc_fd (assuan_get_output_fd (ctx), 1);
 if ( outfd == -1 )
- return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
+ {
+ free_strlist (list);
+ return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
+ }
 fp = es_fdopen_nc (outfd, "w");
 if (!fp)
- return set_error (gpg_err_code_from_syserror (), "es_fdopen() failed");
+ {
+ free_strlist (list);
+ return set_error (gpg_err_code_from_syserror (),
+ "es_fdopen() failed");
+ }
 }
 else
 {
 fp = es_fopencookie (ctx, "w", data_line_cookie_functions);
 if (!fp)
- return set_error (GPG_ERR_ASS_GENERAL,
- "error setting up a data stream");
+ {
+ free_strlist (list);
+ return set_error (GPG_ERR_ASS_GENERAL,
+ "error setting up a data stream");
+ }
 }
 ctrl->with_colons = 1;
-- 
cgit v1.2.3
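Review bot: The `if (list->next)` branch in the cmd_export hunk of sm/server.c still returns GPG_ERR_TOO_MANY without releasing `list`, so the leak fixed here for the empty-name case remains when more than one key is given. Give that branch the same treatment: wrap it in braces and call `free_strlist (list);` before `return set_error (GPG_ERR_TOO_MANY, "Only one key allowed");`. cmd_export starts and ends outside the hunk, so its later exits could not be checked from here.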
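Review bot: In the es_fdopen_nc failure branch of the do_listkeys hunk, `free_strlist (list);` now runs before `gpg_err_code_from_syserror ()` reads errno, so the reported code relies on the free path leaving errno untouched, which nothing in the hunk shows. Capturing the code first removes that dependency, as the agent/genkey.c hunk of this commit does with `err = gpg_error_from_syserror ();` ahead of its xfree: `gpg_err_code_t ec = gpg_err_code_from_syserror ();`, then `free_strlist (list);`, then `return set_error (ec, "es_fdopen() failed");`. do_listkeys continues outside the hunk.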