gpg: Fix a memory leak in batch key generation

* g10/keygen.c (append_to_parameter): New. (proc_parameter_file): Use new func to extend the parameter list. * g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of gcry_kdf_derive failed. * g10/keygen.c (proc_parameter_file): Print a diagnostic if passphrase_to_dek failed. -- Due to an improper way of using the linked list head, all memory for items allocated in proc_parameter_file was never released. If batched key generation with a passphrase and more than ~200 keys was used this exhausted the secure memory.
author: Werner Koch <[email protected]> 2013-02-21 19:35:10 +0000
committer: Werner Koch <[email protected]> 2013-02-22 08:30:07 +0000
commit: 161674118d568025896026ede5e03d26bdfdfa68 (patch)
tree: af96a7837bb76df14549d4d4b1e37fcdb27d5a6f /g10/passphrase.c
parent: gpg: Handle the agent's NEW_PASSPHRASE inquiry. (diff)
download: gnupg-161674118d568025896026ede5e03d26bdfdfa68.tar.gz
gnupg-161674118d568025896026ede5e03d26bdfdfa68.zip
1 files changed, 11 insertions, 7 deletions
diff --git a/g10/passphrase.c b/g10/passphrase.c
index d872e36ae..f83e66825 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -569,17 +569,21 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
     dek->keylen = 0;
   else
     {
+      gpg_error_t err;
+
       dek->keylen = openpgp_cipher_get_algo_keylen (dek->algo);
       if (!(dek->keylen > 0 && dek->keylen <= DIM(dek->key)))
         BUG ();
-      if (gcry_kdf_derive (pw, strlen (pw),
-                           s2k->mode == 3? GCRY_KDF_ITERSALTED_S2K :
-                           s2k->mode == 1? GCRY_KDF_SALTED_S2K :
-                           /* */           GCRY_KDF_SIMPLE_S2K,
-                           s2k->hash_algo, s2k->salt, 8,
-                           S2K_DECODE_COUNT(s2k->count),
-                           dek->keylen, dek->key))
+      err = gcry_kdf_derive (pw, strlen (pw),
+                             s2k->mode == 3? GCRY_KDF_ITERSALTED_S2K :
+                             s2k->mode == 1? GCRY_KDF_SALTED_S2K :
+                             /* */           GCRY_KDF_SIMPLE_S2K,
+                             s2k->hash_algo, s2k->salt, 8,
+                             S2K_DECODE_COUNT(s2k->count),
+                             dek->keylen, dek->key);
+      if (err)
         {
+          log_error ("gcry_kdf_derive failed: %s", gpg_strerror (err));
           xfree (pw);
           xfree (dek);
 	  write_status( STATUS_MISSING_PASSPHRASE );
author	Werner Koch <[email protected]>	2013-02-21 19:35:10 +0000
committer	Werner Koch <[email protected]>	2013-02-22 08:30:07 +0000
commit	161674118d568025896026ede5e03d26bdfdfa68 (patch)
tree	af96a7837bb76df14549d4d4b1e37fcdb27d5a6f /g10/passphrase.c
parent	gpg: Handle the agent's NEW_PASSPHRASE inquiry. (diff)
download	gnupg-161674118d568025896026ede5e03d26bdfdfa68.tar.gz gnupg-161674118d568025896026ede5e03d26bdfdfa68.zip