diff options
-rw-r--r-- | lib/opencdk/read-packet.c | 4 | ||||
-rw-r--r-- | tests/cert-tests/data/subpkt-leak.pub | 1 | ||||
-rwxr-xr-x | tests/cert-tests/openpgp-cert-parser | 4 |
3 files changed, 8 insertions, 1 deletions
diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c index faee419bc2..cdb47007a6 100644 --- a/lib/opencdk/read-packet.c +++ b/lib/opencdk/read-packet.c @@ -595,8 +595,10 @@ read_subpkt(cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes) node->size--; rc = stream_read(inp, node->d, node->size, &nread); n += nread; - if (rc) + if (rc) { + cdk_subpkt_free(node); return rc; + } *r_nbytes = n; if (!*r_ctx) *r_ctx = node; diff --git a/tests/cert-tests/data/subpkt-leak.pub b/tests/cert-tests/data/subpkt-leak.pub new file mode 100644 index 0000000000..643c334332 --- /dev/null +++ b/tests/cert-tests/data/subpkt-leak.pub @@ -0,0 +1 @@ +Éûÿ‰Š²»ŠŠŠ
\ No newline at end of file diff --git a/tests/cert-tests/openpgp-cert-parser b/tests/cert-tests/openpgp-cert-parser index c12e1be8d6..2cd843cc66 100755 --- a/tests/cert-tests/openpgp-cert-parser +++ b/tests/cert-tests/openpgp-cert-parser @@ -42,4 +42,8 @@ echo "Checking OpenPGP certificate parsing" | grep "^import error:" > /dev/null) || \ fail "Parsing should have errored" +("${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/data/subpkt-leak.pub" 2>&1 \ + | grep "^import error:" > /dev/null) || \ + fail "Parsing should have errored" + exit ${RETCODE:-0} |