[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.2-10-g2aa106d

by Werner Koch cvs at cvs.gnupg.org
Fri Nov 17 10:44:36 CET 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  2aa106d6a4e2b09c257e8d769895d93ebb7f7edf (commit)
      from  4f5afaf1fdb5cb13859aca390ccb5a1ba1dba00c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2aa106d6a4e2b09c257e8d769895d93ebb7f7edf
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Nov 17 10:34:40 2017 +0100

    dirmngr: Fix double free of a hash context in the error case.
    
    * dirmngr/crlcache.c: Clearly document that this function takes
    ownership of MD.
    (abort_sig_check): Allow NULL for MD.
    (crl_parse_insert): Immediately set MD to NULL.  Remove check for md
    before calling abort_sig_check.
    --
    
    GnuPG-bug-id: 3510
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
index 248ad9a..6eeeb8d 100644
--- a/dirmngr/crlcache.c
+++ b/dirmngr/crlcache.c
@@ -1562,7 +1562,7 @@ start_sig_check (ksba_crl_t crl, gcry_md_hd_t *md, int *algo)
    should return 0 on a good signature, GPG_ERR_BAD_SIGNATURE if the
    signature does not verify or any other error code. CRL is the CRL
    object we are working on, MD the hash context and ISSUER_CERT the
-   certificate of the CRL issuer.  This function closes MD.  */
+   certificate of the CRL issuer.  This function takes ownership of MD.  */
 static gpg_error_t
 finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
                   ksba_cert_t issuer_cert)
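Review bot: "Takes ownership of MD" in the finish_sig_check comment does not say that MD is closed on every return path, error returns included, which is what the crl_parse_insert hunk below relies on when it sets md = NULL before looking at err. Suggest spelling that out, for example "This function takes ownership of MD and closes it on all return paths; the caller must not use or close MD afterwards." The body of finish_sig_check is not visible in this hunk, so it is worth confirming that no early return skips the close, otherwise the double free becomes a leak.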
@@ -1646,12 +1646,13 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
 
 
 /* Call this to match a start_sig_check that can not be completed
-   normally.  */
+   normally.  Takes ownership of MD if MD is not NULL.  */
 static void
 abort_sig_check (ksba_crl_t crl, gcry_md_hd_t md)
 {
   (void)crl;
-  gcry_md_close (md);
+  if (md)
+    gcry_md_close (md);
 }
 
 
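Review bot: abort_sig_check receives md by value, so the new NULL guard only protects callers that have already cleared their own copy; after this call the caller's handle is still dangling. The comment should say that the caller must not touch MD again, or the function could take gcry_md_hd_t *md (as start_sig_check does in the hunk header above) and set *md to NULL after gcry_md_close, which would make a second call harmless by construction.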
@@ -1842,13 +1843,13 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
               }
 
             err = finish_sig_check (crl, md, algo, crlissuer_cert);
+            md = NULL; /* Closed.  */
             if (err)
               {
                 log_error (_("CRL signature verification failed: %s\n"),
                            gpg_strerror (err));
                 goto failure;
               }
-	    md = NULL;
 
             err = validate_cert_chain (ctrl, crlissuer_cert, NULL,
                                        (VALIDATE_FLAG_TRUST_CONFIG
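Review bot: The new "md = NULL; /* Closed.  */" line placed before "if (err)" is only correct if finish_sig_check has released md on the failing path as well, and the terse comment does not record that assumption. Suggest something like "/* Ownership was passed to finish_sig_check.  */" so the invariant matches the updated function comment. A regression test that feeds a CRL with a bad signature through crl_parse_insert would exercise exactly the goto failure path this line protects.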
@@ -1877,8 +1878,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
 
 
  failure:
-  if (md)
-    abort_sig_check (crl, md);
+  abort_sig_check (crl, md);
   ksba_cert_release (crlissuer_cert);
   return err;
 }
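Review bot: With the "if (md)" guard removed at the failure label, every jump to failure now depends on md being either a live handle or NULL. The declaration of md in crl_parse_insert is not visible in this hunk; please confirm it is initialized to NULL there and that any goto failure taken before start_sig_check has run cannot reach this call with an uninitialized value. Nothing after abort_sig_check uses md before the return, so leaving the local uncleared here is fine.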

-----------------------------------------------------------------------

Summary of changes:
 dirmngr/crlcache.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org