From 360a2c0ccc2821874606eb2e2fe41bb8a9b605f8 Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Fri, 30 Dec 2016 21:17:22 -0500
Subject: Attempt to fix a leak in OpenPGP cert parsing.
---
 lib/opencdk/read-packet.c | 4 +++-
 tests/cert-tests/data/attribute-leak-1.pub | Bin 0 -> 5 bytes
 tests/cert-tests/openpgp-cert-parser | 4 ++++
 3 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 tests/cert-tests/data/attribute-leak-1.pub
diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
index a7575bf85f..faee419bc2 100644
--- a/lib/opencdk/read-packet.c
+++ b/lib/opencdk/read-packet.c
@@ -509,8 +509,10 @@ read_attribute(cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr,
 p++;
 len--;
 
- if (len >= pktlen)
+ if (len >= pktlen) {
+ cdk_free(buf);
 return CDK_Inv_Packet;
+ }
 attr->attrib_img = cdk_calloc(1, len);
 if (!attr->attrib_img) {
 cdk_free(buf);
diff --git a/tests/cert-tests/data/attribute-leak-1.pub b/tests/cert-tests/data/attribute-leak-1.pub
new file mode 100644
index 0000000000..6ab4334e3c
Binary files /dev/null and b/tests/cert-tests/data/attribute-leak-1.pub differ
diff --git a/tests/cert-tests/openpgp-cert-parser b/tests/cert-tests/openpgp-cert-parser
index 9545fa0c6c..c12e1be8d6 100755
--- a/tests/cert-tests/openpgp-cert-parser
+++ b/tests/cert-tests/openpgp-cert-parser
@@ -38,4 +38,8 @@ echo "Checking OpenPGP certificate parsing"
 | grep "^import error: Error in parsing" > /dev/null) || \
 fail "Parsing should have errored"
 
+("${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/data/attribute-leak-1.pub" 2>&1 \
+ | grep "^import error:" > /dev/null) || \
+ fail "Parsing should have errored"
+
 exit ${RETCODE:-0}
--
cgit v1.2.1
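Review bot: The `len >= pktlen` branch now has to remember `cdk_free(buf)` by hand, just like the allocation-failure branch right below it, and a forgotten free on one such early return is exactly the leak this commit repairs. Since this path is reached by malformed certificate input, it would be more robust for the error exits to set the status and jump to one label that ends in `cdk_free(buf);`, so a check added later cannot reintroduce the leak. read_attribute starts and ends outside this hunk, so its other return paths cannot be confirmed from here and deserve the same audit. A short comment above the check, such as `/* declared image length must fit in the bytes left in buf */`, would also record why the packet is rejected (wording to be confirmed against the copy that follows outside the hunk).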
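Review bot: The added check only greps for `^import error:`, so it shows that certtool rejects attribute-leak-1.pub but not that the buffer is released; as written it would pass with or without the fix in read-packet.c. Unless the harness already wraps `${CERTTOOL}` in a leak checker (not visible in this hunk), this case should run under valgrind or a LeakSanitizer build so that a regression actually fails the test. The failure text is also identical to the preceding check's, and something like `fail "attribute-leak-1.pub: parsing should have errored"` would tell the two apart in the log.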