gnupg2/backport-gpg-Fix-double-free-of-internal-data.patch
yixiangzhike 14bb88a54f Fix CVE-2025-30258
(cherry picked from commit 454a7b329da6f8f8a86fdc93b6fa0febb8b2d641)
2025-03-31 11:20:46 +08:00


From 4be25979a6b3e2a79d7c9667b07db8b09fb046e9 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 13 Mar 2025 11:35:34 +0100
Subject: [PATCH] gpg: Fix double free of internal data.
* g10/sig-check.c (check_signature_over_key_or_uid): Do not free in
no-sig-cache mode if allocated by caller.
--
GnuPG-bug-id: 7547
Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec
---
g10/sig-check.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 456c29320..ed83c23f9 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -1007,7 +1007,8 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
rc = get_pubkey_for_sig (ctrl, signer, sig, NULL, NULL);
if (rc)
{
- xfree (signer);
+ if (signer_alloced != 1)
+ xfree (signer);
signer = NULL;
signer_alloced = 0;
goto leave;
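Review bot: The new condition `if (signer_alloced != 1)` in the `if (rc)` error branch compares against a bare literal, and nothing in the hunk says what the value 1 stands for or which other states `signer_alloced` can take. Going by the commit message, this is the state in which the memory was allocated by the caller in no-sig-cache mode. A one-line comment on the condition, or named constants for the `signer_alloced` states, would let the next reader check the ownership rule without tracing the whole function. Since `signer = NULL;` and `signer_alloced = 0;` still run unconditionally after the guarded free, please also confirm that the cleanup under `leave` (not visible in this hunk) decides what to release only from these two variables, so the caller-owned buffer is not freed there either.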
--
2.33.0