dirmngr,gpgsm: Return NULL on fail

* dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL. * sm/gpgsm.c (parse_keyserver_line): Ditto. -- Reported-by: Joshua Rogers <[email protected]> "If something inside the ldapserver_parse_one function failed, 'server' would be freed, then returned, leading to a use-after-free. This code is likely copied from sm/gpgsm.c, which was also susceptible to this bug." Signed-off-by: Werner Koch <[email protected]>
author: Werner Koch <[email protected]> 2014-12-22 11:16:46 +0000
committer: Werner Koch <[email protected]> 2014-12-22 11:39:14 +0000
commit: abd5f6752d693b7f313c19604f0723ecec4d39a6 (patch)
tree: fb2795cad36a6e6d052d9c9da411db926086552a
parent: scd: ECDH Support. (diff)
download: gnupg-abd5f6752d693b7f313c19604f0723ecec4d39a6.tar.gz
gnupg-abd5f6752d693b7f313c19604f0723ecec4d39a6.zip
2 files changed, 2 insertions, 0 deletions
diff --git a/dirmngr/ldapserver.c b/dirmngr/ldapserver.c
index 20a574cb6..5808c5b02 100644
--- a/dirmngr/ldapserver.c
+++ b/dirmngr/ldapserver.c
@@ -125,6 +125,7 @@ ldapserver_parse_one (char *line,
     {
       log_info (_("%s:%u: skipping this line\n"), filename, lineno);
       ldapserver_list_free (server);
+      server = NULL;
     }
 
   return server;
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 3398d173f..72bceb433 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -862,6 +862,7 @@ parse_keyserver_line (char *line,
     {
       log_info (_("%s:%u: skipping this line\n"), filename, lineno);
       keyserver_list_free (server);
+      server = NULL;
     }
 
   return server;
author	Werner Koch <[email protected]>	2014-12-22 11:16:46 +0000
committer	Werner Koch <[email protected]>	2014-12-22 11:39:14 +0000
commit	abd5f6752d693b7f313c19604f0723ecec4d39a6 (patch)
tree	fb2795cad36a6e6d052d9c9da411db926086552a
parent	scd: ECDH Support. (diff)
download	gnupg-abd5f6752d693b7f313c19604f0723ecec4d39a6.tar.gz gnupg-abd5f6752d693b7f313c19604f0723ecec4d39a6.zip