[git] GnuPG - branch, master, updated. gnupg-2.1.9-129-g7e59fb2

by Werner Koch cvs at cvs.gnupg.org
Fri Nov 13 13:03:11 CET 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  7e59fb21f728b5f54468cd35b1415a2f86003d4f (commit)
      from  2038adf16d0e7eeb614043aae17b16a867de6b70 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7e59fb21f728b5f54468cd35b1415a2f86003d4f
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Nov 13 12:56:13 2015 +0100

    gpg: Fix regression in --locate-keys (in 2.1.9).
    
    * g10/getkey.c (getkey_ctx_s): Add field "extra_list".
    (get_pubkey_byname): Store strings in the context.
    (getkey_end): Free EXTRA_LIST.
    --
    
    This fixes a use-after-free bug.  It showed up with:
    
      gpg --auto-key-locate local --locate-key wk at gnupg.org
    
    The key was shown but also all other following keys in the keyring.
    Bisecting showed d47e84946ee010917cfc3501062721b74afbb771 as culprit
    but the actual cause was a part of:
    
    Regression-due-to: b06f96ba4f57f55194efcd37a0e3a2aa5450b974
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/getkey.c b/g10/getkey.c
index 9e123ee..7238bc3 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -77,6 +77,10 @@ struct getkey_ctx_s
      released using getkey_end()).  */
   int not_allocated;
 
+  /* This variable is used as backing store for strings which have
+     their address used in ITEMS.  */
+  strlist_t extra_list;
+
   /* Part of the search criteria: The low-level search specification
      as passed to keydb_search.  */
   int nitems;
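Review bot: The comment on extra_list says what the list backs but not who owns it. Since get_pubkey_byname stores namelist here and getkey_end frees it, the comment should state that the context takes ownership and that getkey_end releases the list. It should also say that the field has to start out NULL, including for contexts with not_allocated set, because the assert in get_pubkey_byname relies on that.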
@@ -1028,7 +1032,14 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
       *retctx = NULL;
     }
 
-  free_strlist (namelist);
+  if (retctx && *retctx)
+    {
+      assert (!(*retctx)->extra_list);
+      (*retctx)->extra_list = namelist;
+    }
+  else
+    free_strlist (namelist);
+
   return rc;
 }
 
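Review bot: In the "if (retctx && *retctx)" branch the only guard against overwriting an existing list is assert (!(*retctx)->extra_list), which disappears in a build with NDEBUG; a non-NULL extra_list would then be replaced silently and leaked. Consider handling that case explicitly, for example by calling free_strlist on the old list before the assignment. The patch adds no include, so it is also worth confirming that g10/getkey.c already pulls in assert.h.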
@@ -1279,6 +1290,7 @@ getkey_end (getkey_ctx_t ctx)
   if (ctx)
     {
       keydb_release (ctx->kr_handle);
+      free_strlist (ctx->extra_list);
       if (!ctx->not_allocated)
 	xfree (ctx);
     }
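Review bot: In getkey_end, ctx->extra_list is freed but still points at the released list afterwards. When ctx->not_allocated is set the context itself is not freed, so a caller that reuses it would trip the new assert in get_pubkey_byname, or free the list a second time on the next getkey_end. Setting ctx->extra_list = NULL right after free_strlist (ctx->extra_list) closes that gap.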

-----------------------------------------------------------------------

Summary of changes:
 g10/getkey.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



