summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlex Gaynor <alex.gaynor@gmail.com>2017-01-01 09:15:09 -0500
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-01-02 10:14:05 +0100
commita9c40fbf23fbba94b096d2036c22c8f557eb4f0a (patch)
treeca5ded4b390ec772463745ead3e1607fc613e790
parentc5e54cec52d8b65114b2e3ed892cc8fa0f1ca438 (diff)
downloadgnutls-a9c40fbf23fbba94b096d2036c22c8f557eb4f0a.tar.gz
Corrected a leak in OpenPGP sub-packet parsing.
Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
Diffstat
-rw-r--r--lib/opencdk/read-packet.c4
-rw-r--r--tests/cert-tests/data/subpkt-leak.pub1
-rwxr-xr-xtests/cert-tests/openpgp-cert-parser4
3 files changed, 8 insertions, 1 deletions
diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
index faee419bc2..cdb47007a6 100644
--- a/lib/opencdk/read-packet.c
+++ b/lib/opencdk/read-packet.c
@@ -595,8 +595,10 @@ read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
node->size--;
rc = stream_read(inp, node->d, node->size, &nread);
n += nread;
- if (rc)
+ if (rc) {
+ cdk_subpkt_free(node);
return rc;
+ }
*r_nbytes = n;
if (!*r_ctx)
*r_ctx = node;
diff --git a/tests/cert-tests/data/subpkt-leak.pub b/tests/cert-tests/data/subpkt-leak.pub
new file mode 100644
index 0000000000..643c334332
--- /dev/null
+++ b/tests/cert-tests/data/subpkt-leak.pub
@@ -0,0 +1 @@
+Éûÿ‰Š²»ŠŠŠ \ No newline at end of file
diff --git a/tests/cert-tests/openpgp-cert-parser b/tests/cert-tests/openpgp-cert-parser
index c12e1be8d6..2cd843cc66 100755
--- a/tests/cert-tests/openpgp-cert-parser
+++ b/tests/cert-tests/openpgp-cert-parser
@@ -42,4 +42,8 @@ echo "Checking OpenPGP certificate parsing"
| grep "^import error:" > /dev/null) || \
fail "Parsing should have errored"
+("${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/data/subpkt-leak.pub" 2>&1 \
+ | grep "^import error:" > /dev/null) || \
+ fail "Parsing should have errored"
+
exit ${RETCODE:-0}
View Lorry Controller Status