[pkgsrc/trunk]: pkgsrc/security/netpgpverify/files Update netpgpverify and li...
details: https://anonhg.NetBSD.org/pkgsrc/rev/d70f621f58ba
branches: trunk
changeset: 349532:d70f621f58ba
user: agc <agc%pkgsrc.org@localhost>
date: Sat Jul 09 17:18:24 2016 +0000
description:
Update netpgpverify and libnetpgpverify to 20160708
+ clear and free bignums properly - helps immensely with plugging
memory leaks
diffstat:
security/netpgpverify/files/bignum.c | 3 ++-
security/netpgpverify/files/libverify.c | 33 +++++++++++++++++++++------------
security/netpgpverify/files/verify.h | 4 ++--
3 files changed, 25 insertions(+), 15 deletions(-)
diffs (148 lines):
diff -r 52dd7a9a8b11 -r d70f621f58ba security/netpgpverify/files/bignum.c
--- a/security/netpgpverify/files/bignum.c Sat Jul 09 17:12:22 2016 +0000
+++ b/security/netpgpverify/files/bignum.c Sat Jul 09 17:18:24 2016 +0000
@@ -5438,6 +5438,7 @@
{
if (a) {
mp_clear(a);
+ free(a);
}
}
@@ -5447,13 +5448,13 @@
if (a) {
mp_clear(a);
}
- free(a);
}
void
PGPV_BN_clear_free(PGPV_BIGNUM *a)
{
PGPV_BN_clear(a);
+ free(a);
}
int
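Review bot: The bignum helpers now follow different ownership rules that nothing in these hunks documents: PGPV_BN_clear() no longer frees `a` (the -5447 hunk), while PGPV_BN_clear_free() and the function patched in the -5438 hunk both release it. A caller that relied on the old PGPV_BN_clear() freeing the struct will now leak, and a caller that frees `a` itself after calling the -5438 function will double free. A comment above each helper would pin this down, e.g. `/* releases the digits via mp_clear(); the PGPV_BIGNUM itself stays allocated and is still owned by the caller */` on PGPV_BN_clear(). Whether mp_clear() zeroes the digits before releasing them is not visible here and should be confirmed, since the libverify.c callers switch to the `clear` variant on that assumption. The function in the -5438 hunk starts outside the hunk.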
diff -r 52dd7a9a8b11 -r d70f621f58ba security/netpgpverify/files/libverify.c
--- a/security/netpgpverify/files/libverify.c Sat Jul 09 17:12:22 2016 +0000
+++ b/security/netpgpverify/files/libverify.c Sat Jul 09 17:18:24 2016 +0000
@@ -1928,8 +1928,8 @@
printf("rsa r padding check failed\n");
}
err:
- PGPV_BN_free(encbn);
- PGPV_BN_free(decbn);
+ PGPV_BN_clear_free(encbn);
+ PGPV_BN_clear_free(decbn);
if (decbuf != NULL) {
(void) memset(decbuf, 0x0, nbytes);
free(decbuf);
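Review bot: The `(void) memset(decbuf, 0x0, nbytes);` directly before `free(decbuf)` on the err: path is a dead store that an optimising compiler is allowed to drop, so the buffer may be handed back to the allocator unwiped. If the wipe is intended, as the rest of this change suggests, use a clear that cannot be elided, for example `explicit_memset(decbuf, 0x0, nbytes);` on NetBSD, or `explicit_bzero`/`memset_s` behind the portability layer elsewhere. The enclosing function starts and ends outside the hunk.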
@@ -1952,8 +1952,8 @@
pub.n = PGPV_BN_dup(rsa->n);
pub.e = PGPV_BN_dup(rsa->e);
ret = lowlevel_rsa_public_check(enc, enclen, dec, &pub);
- PGPV_BN_free(pub.n);
- PGPV_BN_free(pub.e);
+ PGPV_BN_clear_free(pub.n);
+ PGPV_BN_clear_free(pub.e);
return ret;
}
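Review bot: The results of `PGPV_BN_dup(rsa->n)` and `PGPV_BN_dup(rsa->e)` are passed to lowlevel_rsa_public_check() without a NULL check, so an allocation failure reaches the RSA code as a missing modulus or exponent. The cleanup side is safe, because PGPV_BN_clear() tests its argument and `free(NULL)` is a no-op. The call itself should be guarded with `if (pub.n == NULL || pub.e == NULL)`, releasing whichever copy succeeded and returning the function's failure value. lowlevel_rsa_public_check() is not shown, so it may already reject NULL members; that should be confirmed before relying on it. The function begins outside the hunk.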
@@ -2046,12 +2046,12 @@
static int
verify_dsa_sig(uint8_t *calculated, unsigned calclen, pgpv_bignum_t *sig, pgpv_pubkey_t *pubkey)
{
+ PGPV_BIGNUM *M;
+ PGPV_BIGNUM *W;
+ PGPV_BIGNUM *t1;
unsigned qbits;
uint8_t calcnum[128];
uint8_t signum[128];
- PGPV_BIGNUM *M;
- PGPV_BIGNUM *W;
- PGPV_BIGNUM *t1;
int ret;
if (pubkey->bn[DSA_P].bn == NULL ||
@@ -2103,13 +2103,13 @@
ret = memcmp(calcnum, signum, BITS_TO_BYTES(qbits)) == 0;
done:
if (M) {
- PGPV_BN_free(M);
+ PGPV_BN_clear_free(M);
}
if (W) {
- PGPV_BN_free(W);
+ PGPV_BN_clear_free(W);
}
if (t1) {
- PGPV_BN_free(t1);
+ PGPV_BN_clear_free(t1);
}
return ret;
}
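Review bot: The cleanup at done: tests `M`, `W` and `t1`, but the declarations moved in the -2046 hunk carry no initialisers, so a `goto done` taken before all three are assigned would read indeterminate pointers. The assignments lie outside both hunks, so this needs confirming. Declaring them as `PGPV_BIGNUM *M = NULL;` (likewise `W` and `t1`) removes the dependency on statement order. The `if (M)` style guards are also redundant now, since PGPV_BN_clear() in bignum.c already checks for NULL and `free(NULL)` is a no-op.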
@@ -2991,7 +2991,8 @@
unsigned i;
for (i = 0 ; i < n ; i++) {
- PGPV_BN_free(v[i].bn);
+ PGPV_BN_clear_free(v[i].bn);
+ v[i].bn = NULL;
}
}
@@ -3005,7 +3006,9 @@
{
pgpv_primarykey_t *primary;
pgpv_pkt_t *pkt;
+ uint64_t n;
unsigned i;
+ unsigned j;
if (pgp == NULL) {
return 0;
@@ -3020,7 +3023,6 @@
pkt = &ARRAY_ELEMENT(pgp->pkts, i);
switch(pkt->tag) {
case SIGNATURE_PKT:
- free_bn_array(pkt->u.sigpkt.sig.bn, PGPV_MAX_SIG_BN);
ARRAY_FREE(pkt->u.sigpkt.subpackets);
break;
case LITDATA_PKT:
@@ -3046,6 +3048,10 @@
primary = &ARRAY_ELEMENT(pgp->primaries, i);
free_bn_array(primary->primary.bn, PGPV_MAX_PUBKEY_BN);
ARRAY_FREE(primary->signatures);
+ for (j = 0 ; j < ARRAY_COUNT(primary->signed_userids) ; j++) {
+ n = ARRAY_ELEMENT(primary->signed_userids, j);
+ ARRAY_FREE(ARRAY_ELEMENT(pgp->signed_userids, n).signatures);
+ }
ARRAY_FREE(primary->signed_userids);
ARRAY_FREE(primary->signed_userattrs);
ARRAY_FREE(primary->signed_subkeys);
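Review bot: The index `n` read from `primary->signed_userids` is applied to `pgp->signed_userids` without being compared against `ARRAY_COUNT(pgp->signed_userids)`, so a stale or corrupt index would make ARRAY_FREE act on memory outside the array. A guard such as `if (n < ARRAY_COUNT(pgp->signed_userids))` around the ARRAY_FREE call would contain that. It is also worth confirming that ARRAY_FREE resets the pointer it frees (the macro is not shown), because two primaries referring to the same user id entry would otherwise free the same `signatures` array twice. The enclosing loop and function continue outside the hunk.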
@@ -3053,6 +3059,9 @@
for (i = 0 ; i < ARRAY_COUNT(pgp->signatures) ; i++) {
free_bn_array(ARRAY_ELEMENT(pgp->signatures, i).bn, PGPV_MAX_SIG_BN);
}
+ for (i = 0 ; i < ARRAY_COUNT(pgp->signed_subkeys) ; i++) {
+ free_bn_array(ARRAY_ELEMENT(pgp->signed_subkeys, i).subkey.bn, PGPV_MAX_SIG_BN);
+ }
ARRAY_FREE(pgp->primaries);
ARRAY_FREE(pgp->datastarts);
ARRAY_FREE(pgp->signatures);
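Review bot: The new loop frees `subkey.bn` with a count of `PGPV_MAX_SIG_BN`, whereas the primary key's array in the -3046 hunk is freed with `PGPV_MAX_PUBKEY_BN`; a subkey is a public key, so this looks like the wrong constant. If the signature limit is the smaller of the two, the remaining bignums of every subkey still leak; if it is the larger, free_bn_array() walks past the end of the array and frees whatever lies there. Unless the struct definition says otherwise, the call should read `free_bn_array(ARRAY_ELEMENT(pgp->signed_subkeys, i).subkey.bn, PGPV_MAX_PUBKEY_BN);`. The function's body continues outside the hunk.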
diff -r 52dd7a9a8b11 -r d70f621f58ba security/netpgpverify/files/verify.h
--- a/security/netpgpverify/files/verify.h Sat Jul 09 17:12:22 2016 +0000
+++ b/security/netpgpverify/files/verify.h Sat Jul 09 17:18:24 2016 +0000
@@ -23,9 +23,9 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef NETPGP_VERIFY_H_
-#define NETPGP_VERIFY_H_ 20160707
+#define NETPGP_VERIFY_H_ 20160708
-#define NETPGPVERIFY_VERSION "netpgpverify portable 20160707"
+#define NETPGPVERIFY_VERSION "netpgpverify portable 20160708"
#include <sys/types.h>