gpgsm: Return NULL on fail
authorWerner Koch <wk@gnupg.org>
Mon, 22 Dec 2014 11:16:46 +0000 (12:16 +0100)
committerNIIBE Yutaka <gniibe@fsij.org>
Tue, 13 Jan 2015 01:49:57 +0000 (10:49 +0900)
* sm/gpgsm.c (parse_keyserver_line): Set SERVER to NULL.

--

Cherry-pick of abd5f6752d693b7f313c19604f0723ecec4d39a6.

Reported-by: Joshua Rogers <git@internot.info>
  "If something inside the ldapserver_parse_one function failed,
   'server' would be freed, then returned, leading to a
   use-after-free.  This code is likely copied from sm/gpgsm.c, which
   was also susceptible to this bug."

Signed-off-by: Werner Koch <wk@gnupg.org>
sm/gpgsm.c

index 97ec4bb..855de83 100644 (file)
@@ -840,6 +840,7 @@ parse_keyserver_line (char *line,
     {
       log_info (_("%s:%u: skipping this line\n"), filename, lineno);
       keyserver_list_free (server);
+      server = NULL;
     }
 
   return server;