View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007628 | GNUnet | revocation service | public | 2023-01-29 22:32 | 2024-02-29 22:46 |
| Reporter | ulfvonbelow | Assigned To | schanzen | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | Git master | ||||
| Target Version | 0.19.4 | Fixed in Version | 0.19.4 | ||
| Summary | 0007628: Memory leak in check_signature_identity and sign_pow_identity of revocation_api.c | ||||
| Description | spurp in the former doesn't get freed, rp in the latter. | ||||
| Steps To Reproduce | ./configure --enable-sanitizer make make install make check | ||||
| Additional Information | Patch attached. | ||||
| Tags | memory-leak, patch | ||||
| Attached Files | 0001-REVOCATION-don-t-leak-signature-purpose-memory.patch (1,770 bytes)
From 3042a1630c0b479e3192d0fb1a8ac009ff4e6dd5 Mon Sep 17 00:00:00 2001
From: ulfvonbelow <strilen@tilde.club>
Date: Sun, 29 Jan 2023 05:49:49 -0600
Subject: [PATCH] REVOCATION: don't leak signature purpose memory.
---
src/revocation/revocation_api.c | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c
index a0813ddcd..327b03494 100644
--- a/src/revocation/revocation_api.c
+++ b/src/revocation/revocation_api.c
@@ -427,20 +427,18 @@ check_signature_identity (const struct GNUNET_REVOCATION_PowP *pow,
struct GNUNET_REVOCATION_SignaturePurposePS *spurp;
unsigned char *sig;
size_t ksize;
+ int ret;
ksize = GNUNET_IDENTITY_public_key_get_length (key);
spurp = REV_create_signature_message (pow);
sig = ((unsigned char*) &pow[1] + ksize);
- if (GNUNET_OK !=
- GNUNET_IDENTITY_signature_verify_raw_ (
- GNUNET_SIGNATURE_PURPOSE_REVOCATION,
- &spurp->purpose,
- sig,
- key))
- {
- return GNUNET_SYSERR;
- }
- return GNUNET_OK;
+ ret =
+ GNUNET_IDENTITY_signature_verify_raw_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION,
+ &spurp->purpose,
+ sig,
+ key);
+ GNUNET_free (spurp);
+ return ret == GNUNET_OK ? GNUNET_OK : GNUNET_SYSERR;
}
@@ -588,6 +586,7 @@ sign_pow_identity (const struct GNUNET_IDENTITY_PrivateKey *key,
int result = GNUNET_IDENTITY_sign_raw_ (key,
&rp->purpose,
(void*) sig);
+ GNUNET_free (rp);
if (result == GNUNET_SYSERR)
return GNUNET_NO;
else
--
2.38.1
| ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2023-01-29 22:32 | ulfvonbelow | New Issue | |
| 2023-01-29 22:32 | ulfvonbelow | Tag Attached: bug | |
| 2023-01-29 22:32 | ulfvonbelow | Tag Attached: memory-leak | |
| 2023-01-29 22:32 | ulfvonbelow | Tag Attached: patch | |
| 2023-01-29 22:32 | ulfvonbelow | File Added: 0001-REVOCATION-don-t-leak-signature-purpose-memory.patch | |
| 2023-02-06 06:12 | schanzen | Assigned To | => schanzen |
| 2023-02-06 06:12 | schanzen | Status | new => resolved |
| 2023-02-06 06:12 | schanzen | Resolution | open => fixed |
| 2023-02-06 06:12 | schanzen | Fixed in Version | => 0.19.4 |
| 2023-02-06 06:19 | schanzen | Target Version | => 0.19.4 |
| 2023-06-01 20:26 | schanzen | Note Added: 0020238 | |
| 2023-06-01 20:26 | schanzen | Status | resolved => closed |
| 2024-02-29 22:46 | Christian Grothoff | Tag Detached: bug |
