!88 [sync] PR-85: Fix double free of internal data

From: @openeuler-sync-bot 
Reviewed-by: @zcfsite 
Signed-off-by: @zcfsite
openeuler-ci-bot 2025-03-21 07:06:45 +00:00 committed by Gitee
commit 0101aaa7f7
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 37 additions and 1 deletions


@ -0,0 +1,32 @@
From 4be25979a6b3e2a79d7c9667b07db8b09fb046e9 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 13 Mar 2025 11:35:34 +0100
Subject: [PATCH] gpg: Fix double free of internal data.
* g10/sig-check.c (check_signature_over_key_or_uid): Do not free in
no-sig-cache mode if allocated by caller.
--
GnuPG-bug-id: 7547
Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec
---
g10/sig-check.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 456c29320..ed83c23f9 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -1007,7 +1007,8 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
rc = get_pubkey_for_sig (ctrl, signer, sig, NULL);
if (rc)
{
- xfree (signer);
+ if (signer_alloced != 1)
+ xfree (signer);
signer = NULL;
signer_alloced = 0;
goto leave;
--
2.33.0
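Review bot: In the `if (rc)` error path after `get_pubkey_for_sig`, the new guard `if (signer_alloced != 1)` compares against a bare number whose meaning is not visible in the hunk. Only the commit message ("Do not free in no-sig-cache mode if allocated by caller") tells the reader that this value marks a buffer owned by the caller. A short comment on the guard, or named constants for the `signer_alloced` states, would keep the ownership rule next to the `xfree`. For the backport, also confirm that the 2.4.3 tree contains the change named in `Fixes-commit:` (44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec), since the guard only matters if `signer_alloced` can take the caller-owned value there.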


@ -1,6 +1,6 @@
Name: gnupg2
Version: 2.4.3
Release: 6
Release: 7
Summary: Utility for secure communication and data storage
License: GPLv3+
@ -21,6 +21,7 @@ Patch10: backport-dirmngr-Enable-the-call-of-ks_ldap_help_variables-wh.patch
Patch11: backport-gpg-Make-no-literal-work-again-for-c-and-store.patch
Patch12: backport-gpg-Fix-minor-memory-leak-during-certain-smartcard-o.patch
Patch13: supports-sm2-algorithm-signature-and-uses-sm3-hash-algorithm.patch
Patch14: backport-gpg-Fix-double-free-of-internal-data.patch
BuildRequires: gcc
BuildRequires: autoconf automake
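Review bot: `Patch14` is declared here, but none of the three spec hunks in this change touches `%prep`, so the patch is applied only if `%prep` uses `%autosetup` or `%autopatch`. If this spec applies patches with explicit `%patch` lines, a matching `%patch14 -p1` is needed, otherwise the package builds without the fix.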
@ -125,6 +126,9 @@ make check
%changelog
* Fri Mar 21 2025 yixiangzhike <yixiangzhike007@163.com> - 2.4.3-7
- backport upstream patch to fix double free
* Tue Jan 21 2025 Jia Chao <jiac13@chinaunicom.cn> - 2.4.3-6
- Fix: add autoconf, automake to buildrequires.
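Review bot: The new changelog entry `- backport upstream patch to fix double free` does not say which fix it carries. Naming the upstream reference from the patch header (GnuPG-bug-id: 7547) would let anyone auditing the package match release 2.4.3-7 to the fix without opening the patch file.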