[PATCH 1/2] Fix memory leaks in ecc code
Dmitry Eremin-Solenikov
dbaryshkov at gmail.com
Sat Jan 25 00:21:38 CET 2014
* cipher/ecc-curves.c (_gcry_ecc_update_curve_param): Release passed mpi
values.
* cipher/ecc.c (compute_keygrip): Fix potential memory leak in error
path.
* cipher/ecc.c (_gcry_ecc_get_curve): Release temporary mpi.
--
==11657== 252 (80 direct, 172 indirect) bytes in 4 blocks are definitely lost in loss record 8 of 8
==11657== at 0x4028A28: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==11657== by 0x404178F: _gcry_private_malloc (stdmem.c:113)
==11657== by 0x403CED1: do_malloc.constprop.4 (global.c:768)
==11657== by 0x403DD01: _gcry_xmalloc (global.c:790)
==11657== by 0x409EAE0: _gcry_mpi_alloc (mpiutil.c:84)
==11657== by 0x409C4E4: _gcry_mpi_scan (mpicoder.c:466)
==11657== by 0x404009C: _gcry_sexp_nth_mpi (sexp.c:796)
==11657== by 0x40410B5: _gcry_sexp_vextract_param (sexp.c:2327)
==11657== by 0x4041396: _gcry_sexp_extract_param (sexp.c:2378)
==11657== by 0x407B895: compute_keygrip (ecc.c:1492)
==11657== by 0x404BBE8: _gcry_pk_get_keygrip (pubkey.c:674)
==11657== by 0x403B1BF: gcry_pk_get_keygrip (visibility.c:1056)
==16502== 144 (60 direct, 84 indirect) bytes in 3 blocks are definitely lost in loss record 3 of 7
==16502== at 0x4028A28: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==16502== by 0x404B4DE: _gcry_private_malloc (stdmem.c:113)
==16502== by 0x404667B: do_malloc (global.c:768)
==16502== by 0x40466E7: _gcry_malloc (global.c:790)
==16502== by 0x4046A55: _gcry_xmalloc (global.c:944)
==16502== by 0x40CD25B: _gcry_mpi_alloc (mpiutil.c:84)
==16502== by 0x40CAC3E: _gcry_mpi_scan (mpicoder.c:548)
==16502== by 0x40A72B2: scanval (ecc-curves.c:432)
==16502== by 0x40A7B0D: _gcry_ecc_get_curve (ecc-curves.c:685)
==16502== by 0x4058164: _gcry_pk_get_curve (pubkey.c:747)
==16502== by 0x4043E14: gcry_pk_get_curve (visibility.c:1067)
==16502== by 0x8048934: check_matching (curves.c:124)
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
---
cipher/ecc-curves.c | 22 ++++++++++++++++++----
cipher/ecc.c | 2 +-
2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c
index dc74ee0..0f622f7 100644
--- a/cipher/ecc-curves.c
+++ b/cipher/ecc-curves.c
@@ -575,6 +575,7 @@ _gcry_ecc_update_curve_param (const char *name,
return gpg_err_code_from_syserror ();
strcpy (stpcpy (stpcpy (buf, "0x04"), domain_parms[idx].g_x+2),
domain_parms[idx].g_y+2);
+ _gcry_mpi_release (*g);
*g = scanval (buf);
xfree (buf);
}
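Review bot: Releasing `*g` before the assignment makes the incoming value part of this function's contract: each non-NULL out-pointer must now hold either NULL or a live MPI on entry, and a caller that passes uninitialised storage would hand an indeterminate pointer to `_gcry_mpi_release`. The same applies to `*p`, `*a`, `*b` and `*n` in the following hunk. The function's header comment lies outside both hunks, so I would state the precondition there, for example `/* On entry *P, *A, *B, *G and *N must each be NULL or a valid MPI; the old value is released before it is replaced. */`. Every caller should also be checked to confirm it initialises these slots.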
@@ -583,13 +584,25 @@ _gcry_ecc_update_curve_param (const char *name,
if (dialect)
*dialect = domain_parms[idx].dialect;
if (p)
- *p = scanval (domain_parms[idx].p);
+ {
+ _gcry_mpi_release (*p);
+ *p = scanval (domain_parms[idx].p);
+ }
if (a)
- *a = scanval (domain_parms[idx].a);
+ {
+ _gcry_mpi_release (*a);
+ *a = scanval (domain_parms[idx].a);
+ }
if (b)
- *b = scanval (domain_parms[idx].b);
+ {
+ _gcry_mpi_release (*b);
+ *b = scanval (domain_parms[idx].b);
+ }
if (n)
- *n = scanval (domain_parms[idx].n);
+ {
+ _gcry_mpi_release (*n);
+ *n = scanval (domain_parms[idx].n);
+ }
return 0;
}
@@ -669,6 +682,7 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits)
for (idx = 0; domain_parms[idx].desc; idx++)
{
+ mpi_free (tmp);
tmp = scanval (domain_parms[idx].p);
if (!mpi_cmp (tmp, E.p))
{
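Review bot: `mpi_free (tmp);` at the top of the loop body is only safe if `tmp` is NULL (or a valid MPI) before the first iteration, and it still leaves the value scanned in the last or matching iteration to be released after the loop. Neither the initialisation nor a later release is visible here, because `_gcry_ecc_get_curve` starts and ends outside the hunk, so both should be confirmed. A short comment such as `/* Release the value scanned for the previous curve. */` would make the ownership explicit. As a style point, this hunk uses `mpi_free` while the other hunks in this file use `_gcry_mpi_release`; using one spelling throughout makes the release sites easier to audit.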
diff --git a/cipher/ecc.c b/cipher/ecc.c
index 0e5776c..e0be2d4 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -1520,7 +1520,7 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms)
&values[0], &values[1], &values[2],
&values[3], &values[4]);
if (rc)
- return rc;
+ goto leave;
}
}
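Review bot: Replacing `return rc;` with `goto leave;` is only correct if the cleanup at `leave`, which is outside this hunk, tolerates the state at this point. That means every `values[]` slot is either NULL or a valid MPI, `rc` is returned unchanged, and anything else acquired before the failing call is released there too. Since the call above writes through `&values[0]` to `&values[4]`, a failure partway through must not leave a slot pointing at an already released MPI, or `leave` would free it a second time. I would add a comment at the jump, for example `/* values[] and other temporaries are released at leave. */`, and verify the callee's behaviour on error.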
--
1.8.5.2