2 files changed, 60 insertions, 63 deletions

diff --git a/NEWS b/NEWS
index 7d451befe4..1b89387157 100644
--- a/NEWS
+++ b/NEWS
@@ -23,6 +23,9 @@ Reported by Roman Bogorodskiy <novel@FreeBSD.org> in
 It is currently only used by the core library.  This will enable a new
 domain 'gnutls' for translations of the command line tools.
 
+** Corrected possible memory corruption on signature verification failure. 
+Reported by Miroslav Kratochvil <exa.exa@gmail.com>
+
 ** API and ABI modifications:
 gnutls_x509_crt_verify_hash: ADDED
 gnutls_x509_crt_get_verify_algorithm: ADDED
diff --git a/lib/pk-libgcrypt.c b/lib/pk-libgcrypt.c
index a7bcd8e19b..d885d02686 100644
--- a/lib/pk-libgcrypt.c
+++ b/lib/pk-libgcrypt.c
@@ -43,6 +43,8 @@
 /* this is based on code from old versions of libgcrypt (centuries ago)
  */
 
+#define SEXP_RELEASE(x) gcry_sexp_release(x);x=NULL
+
 int (*generate) (gnutls_pk_algorithm_t, unsigned int level /*bits */ ,
 		 gnutls_pk_params_st *);
 
@@ -98,10 +100,8 @@ _wrap_gcry_pk_encrypt (gnutls_pk_algorithm_t algo,
 
   /* pass it to libgcrypt */
   rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
-  gcry_sexp_release (s_data);
-  s_data = NULL;
-  gcry_sexp_release (s_pkey);
-  s_pkey = NULL;
+  SEXP_RELEASE (s_data);
+  SEXP_RELEASE (s_pkey);
 
   if (rc != 0)
     {
@@ -122,7 +122,7 @@ _wrap_gcry_pk_encrypt (gnutls_pk_algorithm_t algo,
 	}
 
       res = gcry_sexp_nth_mpi (list, 1, 0);
-      gcry_sexp_release (list);
+      SEXP_RELEASE (list);
 
       if (res == NULL)
 	{
@@ -141,17 +141,17 @@ _wrap_gcry_pk_encrypt (gnutls_pk_algorithm_t algo,
 	}
     }
 
-  gcry_sexp_release (s_ciph);
+  SEXP_RELEASE (s_ciph);
   return 0;
 
 cleanup:
   _gnutls_mpi_release (&data);
   if (s_ciph)
-    gcry_sexp_release (s_ciph);
+    SEXP_RELEASE (s_ciph);
   if (s_data)
-    gcry_sexp_release (s_data);
+    SEXP_RELEASE (s_data);
   if (s_pkey)
-    gcry_sexp_release (s_pkey);
+    SEXP_RELEASE (s_pkey);
 
   return ret;
 }
@@ -209,8 +209,8 @@ _wrap_gcry_pk_decrypt (gnutls_pk_algorithm_t algo,
 
   /* pass it to libgcrypt */
   rc = gcry_pk_decrypt (&s_plain, s_data, s_pkey);
-  gcry_sexp_release (s_data);
-  gcry_sexp_release (s_pkey);
+  SEXP_RELEASE (s_data);
+  SEXP_RELEASE (s_pkey);
 
   if (rc != 0)
     {
@@ -221,7 +221,7 @@ _wrap_gcry_pk_decrypt (gnutls_pk_algorithm_t algo,
     {
       bigint_t res;
       res = gcry_sexp_nth_mpi (s_plain, 0, 0);
-      gcry_sexp_release (s_plain);
+      SEXP_RELEASE (s_plain);
 
       if (res == NULL)
 	{
@@ -246,11 +246,11 @@ _wrap_gcry_pk_decrypt (gnutls_pk_algorithm_t algo,
 cleanup:
   _gnutls_mpi_release (&data);
   if (s_plain)
-    gcry_sexp_release (s_plain);
+    SEXP_RELEASE (s_plain);
   if (s_data)
-    gcry_sexp_release (s_data);
+    SEXP_RELEASE (s_data);
   if (s_pkey)
-    gcry_sexp_release (s_pkey);
+    SEXP_RELEASE (s_pkey);
 
   return ret;
 
@@ -328,10 +328,8 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature,
 
   /* pass it to libgcrypt */
   rc = gcry_pk_sign (&s_sig, s_hash, s_key);
-  gcry_sexp_release (s_hash);
-  gcry_sexp_release (s_key);
-  s_hash = NULL;
-  s_key = NULL;
+  SEXP_RELEASE (s_hash);
+  SEXP_RELEASE (s_key);
 
   if (rc != 0)
     {
@@ -348,13 +346,12 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature,
       if (list == NULL)
 	{
 	  gnutls_assert ();
-	  gcry_sexp_release (s_sig);
+	  SEXP_RELEASE (s_sig);
 	  return GNUTLS_E_INTERNAL_ERROR;
 	}
 
       res[0] = gcry_sexp_nth_mpi (list, 1, 0);
-      gcry_sexp_release (list);
-      list = NULL;
+      SEXP_RELEASE (list);
 
       list = gcry_sexp_find_token (s_sig, "s", 0);
       if (list == NULL)
@@ -365,8 +362,7 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature,
 	}
 
       res[1] = gcry_sexp_nth_mpi (list, 1, 0);
-      gcry_sexp_release (list);
-      list = NULL;
+      SEXP_RELEASE (list);
 
       ret = _gnutls_encode_ber_rs (signature, res[0], res[1]);
 
@@ -382,8 +378,7 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature,
 	}
 
       res[0] = gcry_sexp_nth_mpi (list, 1, 0);
-      gcry_sexp_release (list);
-      list = NULL;
+      SEXP_RELEASE (list);
 
       ret = _gnutls_mpi_dprint (res[0], signature);
     }
@@ -401,13 +396,13 @@ cleanup:
   _gnutls_mpi_release (&res[0]);
   _gnutls_mpi_release (&res[1]);
   if (s_sig)
-    gcry_sexp_release (s_sig);
+    SEXP_RELEASE (s_sig);
   if (list)
-    gcry_sexp_release (list);
+    SEXP_RELEASE (list);
   if (s_hash)
-    gcry_sexp_release (s_hash);
+    SEXP_RELEASE (s_hash);
   if (s_key)
-    gcry_sexp_release (s_key);
+    SEXP_RELEASE (s_key);
 
   return ret;
 }
@@ -508,9 +503,9 @@ _wrap_gcry_pk_verify (gnutls_pk_algorithm_t algo,
 
   rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
 
-  gcry_sexp_release (s_sig);
-  gcry_sexp_release (s_hash);
-  gcry_sexp_release (s_pkey);
+  SEXP_RELEASE (s_sig);
+  SEXP_RELEASE (s_hash);
+  SEXP_RELEASE (s_pkey);
 
   if (rc != 0)
     {
@@ -526,11 +521,11 @@ cleanup:
   _gnutls_mpi_release (&tmp[0]);
   _gnutls_mpi_release (&tmp[1]);
   if (s_sig)
-    gcry_sexp_release (s_sig);
+    SEXP_RELEASE (s_sig);
   if (s_hash)
-    gcry_sexp_release (s_hash);
+    SEXP_RELEASE (s_hash);
   if (s_pkey)
-    gcry_sexp_release (s_pkey);
+    SEXP_RELEASE (s_pkey);
 
   return ret;
 }
@@ -565,7 +560,7 @@ _dsa_generate_params (bigint_t * resarr, int *resarr_len, int bits)
   /* generate the DSA key 
    */
   ret = gcry_pk_genkey (&key, parms);
-  gcry_sexp_release (parms);
+  SEXP_RELEASE (parms);
 
   if (ret != 0)
     {
@@ -577,60 +572,59 @@ _dsa_generate_params (bigint_t * resarr, int *resarr_len, int bits)
   if (list == NULL)
     {
       gnutls_assert ();
-      gcry_sexp_release (key);
+      SEXP_RELEASE (key);
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
   resarr[0] = gcry_sexp_nth_mpi (list, 1, 0);
-  gcry_sexp_release (list);
+  SEXP_RELEASE (list);
 
   list = gcry_sexp_find_token (key, "q", 0);
   if (list == NULL)
     {
       gnutls_assert ();
-      gcry_sexp_release (key);
+      SEXP_RELEASE (key);
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
   resarr[1] = gcry_sexp_nth_mpi (list, 1, 0);
-  gcry_sexp_release (list);
+  SEXP_RELEASE (list);
 
   list = gcry_sexp_find_token (key, "g", 0);
   if (list == NULL)
     {
       gnutls_assert ();
-      gcry_sexp_release (key);
+      SEXP_RELEASE (key);
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
   resarr[2] = gcry_sexp_nth_mpi (list, 1, 0);
-  gcry_sexp_release (list);
+  SEXP_RELEASE (list);
 
   list = gcry_sexp_find_token (key, "y", 0);
   if (list == NULL)
     {
       gnutls_assert ();
-      gcry_sexp_release (key);
+      SEXP_RELEASE (key);
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
   resarr[3] = gcry_sexp_nth_mpi (list, 1, 0);
-  gcry_sexp_release (list);
+  SEXP_RELEASE (list);
 
 
   list = gcry_sexp_find_token (key, "x", 0);
   if (list == NULL)
     {
       gnutls_assert ();
-      gcry_sexp_release (key);
+      SEXP_RELEASE (key);
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
   resarr[4] = gcry_sexp_nth_mpi (list, 1, 0);
-  gcry_sexp_release (list);
-
 
-  gcry_sexp_release (key);
+  SEXP_RELEASE (list);
+  SEXP_RELEASE (key);
 
   _gnutls_dump_mpi ("p: ", resarr[0]);
   _gnutls_dump_mpi ("q: ", resarr[1]);
@@ -660,7 +654,7 @@ _rsa_generate_params (bigint_t * resarr, int *resarr_len, int bits)
 
   /* generate the RSA key */
   ret = gcry_pk_genkey (&key, parms);
-  gcry_sexp_release (parms);
+  SEXP_RELEASE (parms);
 
   if (ret != 0)
     {
@@ -672,71 +666,71 @@ _rsa_generate_params (bigint_t * resarr, int *resarr_len, int bits)
   if (list == NULL)
     {
       gnutls_assert ();
-      gcry_sexp_release (key);
+      SEXP_RELEASE (key);
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
   resarr[0] = gcry_sexp_nth_mpi (list, 1, 0);
-  gcry_sexp_release (list);
+  SEXP_RELEASE (list);
 
   list = gcry_sexp_find_token (key, "e", 0);
   if (list == NULL)
     {
       gnutls_assert ();
-      gcry_sexp_release (key);
+      SEXP_RELEASE (key);
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
   resarr[1] = gcry_sexp_nth_mpi (list, 1, 0);
-  gcry_sexp_release (list);
+  SEXP_RELEASE (list);
 
   list = gcry_sexp_find_token (key, "d", 0);
   if (list == NULL)
     {
       gnutls_assert ();
-      gcry_sexp_release (key);
+      SEXP_RELEASE (key);
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
   resarr[2] = gcry_sexp_nth_mpi (list, 1, 0);
-  gcry_sexp_release (list);
+  SEXP_RELEASE (list);
 
   list = gcry_sexp_find_token (key, "p", 0);
   if (list == NULL)
     {
       gnutls_assert ();
-      gcry_sexp_release (key);
+      SEXP_RELEASE (key);
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
   resarr[3] = gcry_sexp_nth_mpi (list, 1, 0);
-  gcry_sexp_release (list);
+  SEXP_RELEASE (list);
 
 
   list = gcry_sexp_find_token (key, "q", 0);
   if (list == NULL)
     {
       gnutls_assert ();
-      gcry_sexp_release (key);
+      SEXP_RELEASE (key);
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
   resarr[4] = gcry_sexp_nth_mpi (list, 1, 0);
-  gcry_sexp_release (list);
+  SEXP_RELEASE (list);
 
 
   list = gcry_sexp_find_token (key, "u", 0);
   if (list == NULL)
     {
       gnutls_assert ();
-      gcry_sexp_release (key);
+      SEXP_RELEASE (key);
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
   resarr[5] = gcry_sexp_nth_mpi (list, 1, 0);
-  gcry_sexp_release (list);
 
-  gcry_sexp_release (key);
+  SEXP_RELEASE (list);
+  SEXP_RELEASE (key);
 
   _gnutls_dump_mpi ("n: ", resarr[0]);
   _gnutls_dump_mpi ("e: ", resarr[1]);