[git] GnuPG - branch, master, updated. gnupg-2.1.1-16-gb0b3803

by Daniel Kahn Gillmor cvs at cvs.gnupg.org
Mon Dec 22 13:17:36 CET 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  b0b3803e8c2959dd67ca96debc54b5c6464f0d41 (commit)
       via  367b073ab5f439ccf0750461d10c69f36998bd62 (commit)
      from  628b111fa679612e23c0d46505b1ecbbf091897d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b0b3803e8c2959dd67ca96debc54b5c6464f0d41
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Fri Dec 19 18:07:55 2014 -0500

    scd: Avoid double-free on error condition in scd
    
    * scd/command.c (cmd_readkey): avoid double-free of cert
    
    --
    
    When ksba_cert_new() fails, cert will be double-freed.
    
    Debian-Bug-Id: 773471
    
    Original patch changed by wk to do the free only at leave.

diff --git a/scd/command.c b/scd/command.c
index dd4191f..1cc580a 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -804,10 +804,8 @@ cmd_readkey (assuan_context_t ctx, char *line)
 
   rc = ksba_cert_new (&kc);
   if (rc)
-    {
-      xfree (cert);
-      goto leave;
-    }
+    goto leave;
+
   rc = ksba_cert_init_from_mem (kc, cert, ncert);
   if (rc)
     {
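
Review bot: the bare `goto leave;` that now follows `ksba_cert_new (&kc)` is only correct if the `leave:` path, which lies outside this hunk, frees `cert` exactly once and tolerates a `kc` that was never allocated; neither is visible here, so both should be confirmed against the full function. The `if (rc) {` branch that opens after `ksba_cert_init_from_mem (kc, cert, ncert)` is cut off by the context: if it also calls `xfree (cert)` before jumping to `leave`, it carries the same double-free and should be reduced the same way. A short comment at the declaration of `cert` stating that it is released only at `leave` would keep later error paths from reintroducing the early free.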

commit 367b073ab5f439ccf0750461d10c69f36998bd62
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Fri Dec 19 17:53:36 2014 -0500

    avoid future chance of using uninitialized memory
    
    * common/iobuf.c: (iobuf_open): initialize len
    
    --
    
    In iobuf_open, IOBUFCTRL_DESC and IOBUFCTRL_INIT commands are invoked
    (via file_filter()) on fcx, passing in a pointer to an uninitialized
    len.
    
    With these two commands, file_filter doesn't actually do anything with
    the value of len, so there's no actual risk of use of uninitialized
    memory in the code as it stands.
    
    However, some static analysis tools might flag this situation with a
    warning, and initializing the value doesn't hurt anything, so I think
    this trivial cleanup is warranted.
    
    Debian-Bug-Id: 773469

diff --git a/common/iobuf.c b/common/iobuf.c
index 3c68ce5..badbf78 100644
--- a/common/iobuf.c
+++ b/common/iobuf.c
@@ -1301,7 +1301,7 @@ iobuf_open (const char *fname)
   iobuf_t a;
   gnupg_fd_t fp;
   file_filter_ctx_t *fcx;
-  size_t len;
+  size_t len = 0;
   int print_only = 0;
   int fd;
 
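
Review bot: the initializer on `size_t len = 0;` in iobuf_open has no reason visible in the code itself, so a later cleanup could drop it as a dead store. Add a one-line comment at the declaration saying the value exists only because a pointer to `len` is handed to file_filter() for the IOBUFCTRL_DESC and IOBUFCTRL_INIT commands, which ignore it. If other functions in common/iobuf.c pass an uninitialized `len` for those commands in the same way, initializing them in this commit would keep the file consistent and clear the same analyzer warning there.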

-----------------------------------------------------------------------

Summary of changes:
 common/iobuf.c |    2 +-
 scd/command.c  |    6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



