pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/netpgpverify/files
Module Name: pkgsrc
Committed By: agc
Date: Sat Jul 9 17:18:24 UTC 2016
Modified Files:
pkgsrc/security/netpgpverify/files: bignum.c libverify.c verify.h
Log Message:
Update netpgpverify and libnetpgpverify to 20160708
+ clear and free bignums properly - helps immensely with plugging
memory leaks
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 pkgsrc/security/netpgpverify/files/bignum.c
cvs rdiff -u -r1.23 -r1.24 pkgsrc/security/netpgpverify/files/libverify.c
cvs rdiff -u -r1.33 -r1.34 pkgsrc/security/netpgpverify/files/verify.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/netpgpverify/files/bignum.c
diff -u pkgsrc/security/netpgpverify/files/bignum.c:1.8 pkgsrc/security/netpgpverify/files/bignum.c:1.9
--- pkgsrc/security/netpgpverify/files/bignum.c:1.8 Thu Jun 30 21:03:51 2016
+++ pkgsrc/security/netpgpverify/files/bignum.c Sat Jul 9 17:18:24 2016
@@ -5438,6 +5438,7 @@ PGPV_BN_free(PGPV_BIGNUM *a)
{
if (a) {
mp_clear(a);
+ free(a);
}
}
@@ -5447,13 +5448,13 @@ PGPV_BN_clear(PGPV_BIGNUM *a)
if (a) {
mp_clear(a);
}
- free(a);
}
void
PGPV_BN_clear_free(PGPV_BIGNUM *a)
{
PGPV_BN_clear(a);
+ free(a);
}
int
Index: pkgsrc/security/netpgpverify/files/libverify.c
diff -u pkgsrc/security/netpgpverify/files/libverify.c:1.23 pkgsrc/security/netpgpverify/files/libverify.c:1.24
--- pkgsrc/security/netpgpverify/files/libverify.c:1.23 Fri Jul 8 17:45:41 2016
+++ pkgsrc/security/netpgpverify/files/libverify.c Sat Jul 9 17:18:24 2016
@@ -1928,8 +1928,8 @@ lowlevel_rsa_public_check(const uint8_t
printf("rsa r padding check failed\n");
}
err:
- PGPV_BN_free(encbn);
- PGPV_BN_free(decbn);
+ PGPV_BN_clear_free(encbn);
+ PGPV_BN_clear_free(decbn);
if (decbuf != NULL) {
(void) memset(decbuf, 0x0, nbytes);
free(decbuf);
@@ -1952,8 +1952,8 @@ rsa_public_decrypt(int enclen, const uns
pub.n = PGPV_BN_dup(rsa->n);
pub.e = PGPV_BN_dup(rsa->e);
ret = lowlevel_rsa_public_check(enc, enclen, dec, &pub);
- PGPV_BN_free(pub.n);
- PGPV_BN_free(pub.e);
+ PGPV_BN_clear_free(pub.n);
+ PGPV_BN_clear_free(pub.e);
return ret;
}
@@ -2046,12 +2046,12 @@ bignum_is_bad(PGPV_BIGNUM *bn)
static int
verify_dsa_sig(uint8_t *calculated, unsigned calclen, pgpv_bignum_t *sig, pgpv_pubkey_t *pubkey)
{
+ PGPV_BIGNUM *M;
+ PGPV_BIGNUM *W;
+ PGPV_BIGNUM *t1;
unsigned qbits;
uint8_t calcnum[128];
uint8_t signum[128];
- PGPV_BIGNUM *M;
- PGPV_BIGNUM *W;
- PGPV_BIGNUM *t1;
int ret;
if (pubkey->bn[DSA_P].bn == NULL ||
@@ -2103,13 +2103,13 @@ verify_dsa_sig(uint8_t *calculated, unsi
ret = memcmp(calcnum, signum, BITS_TO_BYTES(qbits)) == 0;
done:
if (M) {
- PGPV_BN_free(M);
+ PGPV_BN_clear_free(M);
}
if (W) {
- PGPV_BN_free(W);
+ PGPV_BN_clear_free(W);
}
if (t1) {
- PGPV_BN_free(t1);
+ PGPV_BN_clear_free(t1);
}
return ret;
}
@@ -2991,7 +2991,8 @@ free_bn_array(pgpv_bignum_t *v, unsigned
unsigned i;
for (i = 0 ; i < n ; i++) {
- PGPV_BN_free(v[i].bn);
+ PGPV_BN_clear_free(v[i].bn);
+ v[i].bn = NULL;
}
}
@@ -3005,7 +3006,9 @@ pgpv_close(pgpv_t *pgp)
{
pgpv_primarykey_t *primary;
pgpv_pkt_t *pkt;
+ uint64_t n;
unsigned i;
+ unsigned j;
if (pgp == NULL) {
return 0;
@@ -3020,7 +3023,6 @@ pgpv_close(pgpv_t *pgp)
pkt = &ARRAY_ELEMENT(pgp->pkts, i);
switch(pkt->tag) {
case SIGNATURE_PKT:
- free_bn_array(pkt->u.sigpkt.sig.bn, PGPV_MAX_SIG_BN);
ARRAY_FREE(pkt->u.sigpkt.subpackets);
break;
case LITDATA_PKT:
@@ -3046,6 +3048,10 @@ pgpv_close(pgpv_t *pgp)
primary = &ARRAY_ELEMENT(pgp->primaries, i);
free_bn_array(primary->primary.bn, PGPV_MAX_PUBKEY_BN);
ARRAY_FREE(primary->signatures);
+ for (j = 0 ; j < ARRAY_COUNT(primary->signed_userids) ; j++) {
+ n = ARRAY_ELEMENT(primary->signed_userids, j);
+ ARRAY_FREE(ARRAY_ELEMENT(pgp->signed_userids, n).signatures);
+ }
ARRAY_FREE(primary->signed_userids);
ARRAY_FREE(primary->signed_userattrs);
ARRAY_FREE(primary->signed_subkeys);
@@ -3053,6 +3059,9 @@ pgpv_close(pgpv_t *pgp)
for (i = 0 ; i < ARRAY_COUNT(pgp->signatures) ; i++) {
free_bn_array(ARRAY_ELEMENT(pgp->signatures, i).bn, PGPV_MAX_SIG_BN);
}
+ for (i = 0 ; i < ARRAY_COUNT(pgp->signed_subkeys) ; i++) {
+ free_bn_array(ARRAY_ELEMENT(pgp->signed_subkeys, i).subkey.bn, PGPV_MAX_SIG_BN);
+ }
ARRAY_FREE(pgp->primaries);
ARRAY_FREE(pgp->datastarts);
ARRAY_FREE(pgp->signatures);
Index: pkgsrc/security/netpgpverify/files/verify.h
diff -u pkgsrc/security/netpgpverify/files/verify.h:1.33 pkgsrc/security/netpgpverify/files/verify.h:1.34
--- pkgsrc/security/netpgpverify/files/verify.h:1.33 Fri Jul 8 17:45:41 2016
+++ pkgsrc/security/netpgpverify/files/verify.h Sat Jul 9 17:18:24 2016
@@ -23,9 +23,9 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef NETPGP_VERIFY_H_
-#define NETPGP_VERIFY_H_ 20160707
+#define NETPGP_VERIFY_H_ 20160708
-#define NETPGPVERIFY_VERSION "netpgpverify portable 20160707"
+#define NETPGPVERIFY_VERSION "netpgpverify portable 20160708"
#include <sys/types.h>
Home |
Main Index |
Thread Index |
Old Index