4331
|
1 |
# Patch origin: GnuPG/GPGME Project (upstream).
|
|
2 |
# URL: http://permalink.gmane.org/gmane.comp.encryption.gpg.cvs/10207
|
|
3 |
- Log -----------------------------------------------------------------
|
|
4 |
commit 1298b14f97efebdd88a9390af3848154dbe0d259
|
|
5 |
Author: Joshua Rogers <[email protected]>
|
|
6 |
Date: Tue Dec 23 00:47:50 2014 +1100
|
|
7 |
|
|
8 |
tools: Free variable before return
|
|
9 |
|
|
10 |
* tools/gpgconf-comp.c: Free 'dest_filename' before it is returned
|
|
11 |
upon error.
|
|
12 |
--
|
|
13 |
|
|
14 |
Signed-off-by: Joshua Rogers <[email protected]>
|
|
15 |
|
|
16 |
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
|
|
17 |
index c43e87a..83bc24e 100644
|
|
18 |
--- a/tools/gpgconf-comp.c
|
|
19 |
+++ b/tools/gpgconf-comp.c
|
|
20 |
@@ -2390,7 +2390,10 @@ change_options_file (gc_component_t component, gc_backend_t backend,
|
|
21 |
res = link (dest_filename, orig_filename);
|
|
22 |
#endif
|
|
23 |
if (res < 0 && errno != ENOENT)
|
|
24 |
- return -1;
|
|
25 |
+ {
|
|
26 |
+ xfree (dest_filename);
|
|
27 |
+ return -1;
|
|
28 |
+ }
|
|
29 |
if (res < 0)
|
|
30 |
{
|
|
31 |
xfree (orig_filename);
|
|
32 |
|
|
33 |
commit ced689e12a5037c6aeca62e9eaebdc098bd9c14e
|
|
34 |
Author: Daniel Kahn Gillmor <[email protected]>
|
|
35 |
Date: Fri Dec 19 18:53:34 2014 -0500
|
|
36 |
|
|
37 |
sm: Avoid double-free on iconv failure
|
|
38 |
|
|
39 |
* sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
|
|
40 |
double-free of pwbuf.
|
|
41 |
|
|
42 |
--
|
|
43 |
|
|
44 |
Observed by Joshua Rogers <[email protected]>, who proposed a
|
|
45 |
slightly different fix.
|
|
46 |
|
|
47 |
Debian-Bug-Id: 773472
|
|
48 |
|
|
49 |
Added fix at a second place - wk.
|
|
50 |
|
|
51 |
diff --git a/agent/minip12.c b/agent/minip12.c
|
|
52 |
index 2471717..0bcab5f 100644
|
|
53 |
--- a/agent/minip12.c
|
|
54 |
+++ b/agent/minip12.c
|
|
55 |
@@ -2182,6 +2182,7 @@ p12_build (gcry_mpi_t *kparms, unsigned char *cert, size_t certlen,
|
|
56 |
" requested charset `%s': %s\n",
|
|
57 |
charset, strerror (errno));
|
|
58 |
gcry_free (pwbuf);
|
|
59 |
+ pwbuf = NULL;
|
|
60 |
goto failure;
|
|
61 |
}
|
|
62 |
|
|
63 |
@@ -2196,6 +2197,7 @@ p12_build (gcry_mpi_t *kparms, unsigned char *cert, size_t certlen,
|
|
64 |
" requested charset `%s': %s\n",
|
|
65 |
charset, strerror (errno));
|
|
66 |
gcry_free (pwbuf);
|
|
67 |
+ pwbuf = NULL;
|
|
68 |
jnlib_iconv_close (cd);
|
|
69 |
goto failure;
|
|
70 |
}
|
|
71 |
|
|
72 |
commit 0fd4cd8503dfe9c3e6a362003bd647b4cd882363
|
|
73 |
Author: Daniel Kahn Gillmor <[email protected]>
|
|
74 |
Date: Fri Dec 19 18:07:55 2014 -0500
|
|
75 |
|
|
76 |
scd: Avoid double-free on error condition in scd
|
|
77 |
|
|
78 |
* scd/command.c (cmd_readkey): avoid double-free of cert
|
|
79 |
|
|
80 |
--
|
|
81 |
|
|
82 |
When ksba_cert_new() fails, cert will be double-freed.
|
|
83 |
|
|
84 |
Debian-Bug-Id: 773471
|
|
85 |
|
|
86 |
Original patch changed by wk to do the free only at leave.
|
|
87 |
|
|
88 |
diff --git a/scd/command.c b/scd/command.c
|
|
89 |
index fc1f5a2..b26bd68 100644
|
|
90 |
--- a/scd/command.c
|
|
91 |
+++ b/scd/command.c
|
|
92 |
@@ -777,10 +777,8 @@ cmd_readkey (assuan_context_t ctx, char *line)
|
|
93 |
|
|
94 |
rc = ksba_cert_new (&kc);
|
|
95 |
if (rc)
|
|
96 |
- {
|
|
97 |
- xfree (cert);
|
|
98 |
- goto leave;
|
|
99 |
- }
|
|
100 |
+ goto leave;
|
|
101 |
+
|
|
102 |
rc = ksba_cert_init_from_mem (kc, cert, ncert);
|
|
103 |
if (rc)
|
|
104 |
{
|
|
105 |
|
|
106 |
commit 1fc4dc541af7d4bf4dba6ef37d1d7841498a05c6
|
|
107 |
Author: Daniel Kahn Gillmor <[email protected]>
|
|
108 |
Date: Fri Dec 19 17:53:36 2014 -0500
|
|
109 |
|
|
110 |
avoid future chance of using uninitialized memory
|
|
111 |
|
|
112 |
* common/iobuf.c: (iobuf_open): initialize len
|
|
113 |
|
|
114 |
--
|
|
115 |
|
|
116 |
In iobuf_open, IOBUFCTRL_DESC and IOBUFCTRL_INIT commands are invoked
|
|
117 |
(via file_filter()) on fcx, passing in a pointer to an uninitialized
|
|
118 |
len.
|
|
119 |
|
|
120 |
With these two commands, file_filter doesn't actually do anything with
|
|
121 |
the value of len, so there's no actual risk of use of uninitialized
|
|
122 |
memory in the code as it stands.
|
|
123 |
|
|
124 |
However, some static analysis tools might flag this situation with a
|
|
125 |
warning, and initializing the value doesn't hurt anything, so i think
|
|
126 |
this trivial cleanup is warranted.
|
|
127 |
|
|
128 |
Debian-Bug-Id: 773469
|
|
129 |
|
|
130 |
diff --git a/common/iobuf.c b/common/iobuf.c
|
|
131 |
index ae9bfa9..4c6d5b5 100644
|
|
132 |
--- a/common/iobuf.c
|
|
133 |
+++ b/common/iobuf.c
|
|
134 |
@@ -1303,7 +1303,7 @@ iobuf_open (const char *fname)
|
|
135 |
iobuf_t a;
|
|
136 |
fp_or_fd_t fp;
|
|
137 |
file_filter_ctx_t *fcx;
|
|
138 |
- size_t len;
|
|
139 |
+ size_t len = 0;
|
|
140 |
int print_only = 0;
|
|
141 |
int fd;
|
|
142 |
|
|
143 |
commit f542826b04e35f13a30116564daaf6456440b1d4
|
|
144 |
Author: Daniel Kahn Gillmor <[email protected]>
|
|
145 |
Date: Fri Dec 19 17:12:05 2014 -0500
|
|
146 |
|
|
147 |
gpgkey2ssh: clean up varargs
|
|
148 |
|
|
149 |
* tools/gpgkey2ssh.c (key_to_blob) : ensure that va_end is called.
|
|
150 |
|
|
151 |
--
|
|
152 |
|
|
153 |
stdarg(3) says:
|
|
154 |
Each invocation of va_start() must be matched by a
|
|
155 |
corresponding invocation of va_end() in the same function.
|
|
156 |
|
|
157 |
Observed by Joshua Rogers <[email protected]>
|
|
158 |
|
|
159 |
Debian-Bug-Id: 773415
|
|
160 |
|
|
161 |
diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c
|
|
162 |
index 903fb5b..d22c5ac 100644
|
|
163 |
--- a/tools/gpgkey2ssh.c
|
|
164 |
+++ b/tools/gpgkey2ssh.c
|
|
165 |
@@ -224,6 +224,8 @@ key_to_blob (unsigned char **blob, size_t *blob_n, const char *identifier, ...)
|
|
166 |
assert (ret == 1);
|
|
167 |
}
|
|
168 |
|
|
169 |
+ va_end (ap);
|
|
170 |
+
|
|
171 |
blob_new_n = ftell (stream);
|
|
172 |
rewind (stream);
|
|
173 |
|
|
174 |
commit 01b364b6da2fbb8850178674e1534d725cd760c8
|
|
175 |
Author: Werner Koch <[email protected]>
|
|
176 |
Date: Mon Dec 22 12:44:13 2014 +0100
|
|
177 |
|
|
178 |
doc: Fix memory leak in yat2m.
|
|
179 |
|
|
180 |
* doc/yat2m.c (write_th): Free NAME.
|
|
181 |
--
|
|
182 |
|
|
183 |
Reported-by: Joshua Rogers <[email protected]>
|
|
184 |
|
|
185 |
diff --git a/doc/yat2m.c b/doc/yat2m.c
|
|
186 |
index 2ac4390..fc932d9 100644
|
|
187 |
--- a/doc/yat2m.c
|
|
188 |
+++ b/doc/yat2m.c
|
|
189 |
@@ -609,6 +609,7 @@ write_th (FILE *fp)
|
|
190 |
*p++ = 0;
|
|
191 |
fprintf (fp, ".TH %s %s %s \"%s\" \"%s\"\n",
|
|
192 |
name, p, isodatestring (), opt_release, opt_source);
|
|
193 |
+ free (name);
|
|
194 |
return 0;
|
|
195 |
}
|
|
196 |
|
|
197 |
commit 907a9a1e986b8c8266f4f01e8ed82acfc636a519
|
|
198 |
Author: Werner Koch <[email protected]>
|
|
199 |
Date: Mon Dec 22 12:16:46 2014 +0100
|
|
200 |
|
|
201 |
gpgsm: Return NULL on fail
|
|
202 |
|
|
203 |
* sm/gpgsm.c (parse_keyserver_line): Set SERVER to NULL.
|
|
204 |
|
|
205 |
--
|
|
206 |
|
|
207 |
Cherry-pick of abd5f6752d693b7f313c19604f0723ecec4d39a6.
|
|
208 |
|
|
209 |
Reported-by: Joshua Rogers <[email protected]>
|
|
210 |
|
|
211 |
"If something inside the ldapserver_parse_one function failed,
|
|
212 |
'server' would be freed, then returned, leading to a
|
|
213 |
use-after-free. This code is likely copied from sm/gpgsm.c, which
|
|
214 |
was also susceptible to this bug."
|
|
215 |
|
|
216 |
Signed-off-by: Werner Koch <[email protected]>
|
|
217 |
|
|
218 |
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
|
|
219 |
index 97ec4bb..855de83 100644
|
|
220 |
--- a/sm/gpgsm.c
|
|
221 |
+++ b/sm/gpgsm.c
|
|
222 |
@@ -840,6 +840,7 @@ parse_keyserver_line (char *line,
|
|
223 |
{
|
|
224 |
log_info (_("%s:%u: skipping this line\n"), filename, lineno);
|
|
225 |
keyserver_list_free (server);
|
|
226 |
+ server = NULL;
|
|
227 |
}
|
|
228 |
|
|
229 |
return server;
|
|
230 |
|
|
231 |
-----------------------------------------------------------------------
|
|
232 |
|
|
233 |
Summary of changes:
|
|
234 |
agent/minip12.c | 2 ++
|
|
235 |
common/iobuf.c | 2 +-
|
|
236 |
doc/yat2m.c | 1 +
|
|
237 |
scd/command.c | 6 ++----
|
|
238 |
sm/gpgsm.c | 1 +
|
|
239 |
tools/gpgconf-comp.c | 5 ++++-
|
|
240 |
tools/gpgkey2ssh.c | 2 ++
|
|
241 |
7 files changed, 13 insertions(+), 6 deletions(-)
|
|
242 |
|
|
243 |
hooks/post-receive
|
|
244 |
-- <#>
|
|
245 |
|
|
246 |
--
|
|
247 |
The GNU Privacy Guard
|
|
248 |
http://git.gnupg.org
|
|
249 |
|
|
250 |
Permalink
|
|
251 |
<http://permalink.gmane.org/gmane.comp.encryption.gpg.cvs/10207> | Reply
|
|
252 |
<http://post.gmane.org/post.php?group=gmane.comp.encryption.gpg.cvs&followup=10207>
|
|
253 |
|
|
|
254 |
|
|
255 |
Navigate
|
|
256 |
Go to gmane.comp.encryption.gpg.cvs
|
|
257 |
<http://blog.gmane.org/gmane.comp.encryption.gpg.cvs>.
|
|
258 |
Topic
|
|
259 |
Go to the topic
|
|
260 |
<http://news.gmane.org/find-root.php?group=gmane.comp.encryption.gpg.cvs&article=10207&type=blog>.
|
|
261 |
|
|
262 |
Advertisement
|
|
263 |
Search Archive
|
|
264 |
|
|
265 |
Language
|
|
266 |
Change language <http://gmane.org/language.php>
|
|
267 |
Options
|
|
268 |
Current view: Threads only / Showing whole messages / Not hiding cited text.
|
|
269 |
Change to All messages,
|
|
270 |
<http://permalink.gmane.org/gmane.comp.encryption.gpg.cvs?set_blog_all=yes>shortened
|
|
271 |
messages
|
|
272 |
<http://permalink.gmane.org/gmane.comp.encryption.gpg.cvs?set_lines=20>,
|
|
273 |
or hide cited text
|
|
274 |
<http://permalink.gmane.org/gmane.comp.encryption.gpg.cvs?set_cite=hide>.
|
|
275 |
|
|
276 |
Post a message
|
|
277 |
<http://post.gmane.org/post.php?group=gmane.comp.encryption.gpg.cvs>
|
|
278 |
NNTP Newsgroup <nntp://news.gmane.org/gmane.comp.encryption.gpg.cvs>
|
|
279 |
Classic Gmane web interface
|
|
280 |
<http://news.gmane.org/find-root.php?message_id=E1YAqcu%2d00022P%2d1h%40lists.gnupg.org>
|
|
281 |
XML RSS Feed <http://rss.gmane.org/gmane.comp.encryption.gpg.cvs>
|
|
282 |
List Information <http://dir.gmane.org/gmane.comp.encryption.gpg.cvs>
|
|
283 |
|
|
284 |
About Gmane <http://gmane.org/faq.php>
|
|
285 |
|
|
286 |
Gmane <http://gmane.org/>
|
|
287 |
|