Double-Free in new Unpadding Code
Tom Ritter
tom at ritter.vg
Thu May 26 19:29:33 CEST 2011
The following double-free in the new unpadding code was causing
crashes on my machine when attempting a decrypt with invalid padding.
Found it using valgrind after much head-smashing. It seems to apply
with or without an error in padding, and for both PKCS1 and OAEP,
although I only was testing OAEP, and only encountered it with invalid
padding. The fix included definitely made the problem go away
however.
diff --git a/cipher/pubkey.c b/cipher/pubkey.c
index ba888f3..5361287 100644
--- a/cipher/pubkey.c
+++ b/cipher/pubkey.c
@@ -2249,40 +2249,41 @@ gcry_pk_decrypt (gcry_sexp_t *r_plain,
gcry_sexp_t s_data, gcry_sexp_t s_skey)
rc = pubkey_decrypt (module_key->mod_id, &plain, data, skey, flags);
if (rc)
goto leave;
/* Do un-padding if necessary. */
switch (ctx.encoding)
{
case PUBKEY_ENC_PKCS1:
rc = pkcs1_decode_for_encryption (&unpad, gcry_pk_get_nbits (s_skey),
plain);
mpi_free (plain);
+ plain = NULL;
if (rc)
goto leave;
plain = unpad;
break;
case PUBKEY_ENC_OAEP:
rc = oaep_decode (&unpad, gcry_pk_get_nbits (s_skey), ctx.hash_algo,
plain, ctx.label, ctx.labellen);
mpi_free (plain);
+ plain = NULL;
if (rc)
goto leave;
plain = unpad;
break;
default:
break;
}
if (gcry_sexp_build (r_plain, NULL, modern? "(value %m)" : "%m", plain))
BUG ();
leave:
if (skey)
{
release_mpi_array (skey);
gcry_free (skey);
}
if (plain)
mpi_free (plain);
-tom
More information about the Gcrypt-devel
mailing list