commit a8d6c6c1b258548260748eefba0532fd35c8ce47 Author: NIIBE Yutaka Date: Thu Apr 15 16:08:24 2021 +0900 cipher: Fix memory leaks for EdDSA. * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Free the point Q. (_gcry_ecc_eddsa_verify): Avoid memory leaks for points and MPIs. -- GnuPG-bug-id: 5385 Co-authored-by: Jakub Jelen Signed-off-by: NIIBE Yutaka diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c index 2a1a8907..8b32545a 100644 --- a/cipher/ecc-eddsa.c +++ b/cipher/ecc-eddsa.c @@ -641,7 +641,10 @@ _gcry_ecc_eddsa_genkey (mpi_ec_t ec, int flags) ec->d = _gcry_mpi_set_opaque (NULL, dbuf, dlen*8); rc = _gcry_ecc_eddsa_compute_h_d (&hash_d, ec); if (rc) - goto leave; + { + point_free (&Q); + goto leave; + } _gcry_mpi_set_buffer (a, hash_d, b, 0); xfree (hash_d); @@ -991,11 +994,6 @@ _gcry_ecc_eddsa_verify (gcry_mpi_t input, mpi_ec_t ec, if (!mpi_is_opaque (input) || !mpi_is_opaque (r_in) || !mpi_is_opaque (s_in)) return GPG_ERR_INV_DATA; - point_init (&Ia); - point_init (&Ib); - h = mpi_new (0); - s = mpi_new (0); - b = (ec->nbits+7)/8; if (ec->nbits == 255) @@ -1005,6 +1003,11 @@ _gcry_ecc_eddsa_verify (gcry_mpi_t input, mpi_ec_t ec, else return GPG_ERR_NOT_IMPLEMENTED; + point_init (&Ia); + point_init (&Ib); + h = mpi_new (0); + s = mpi_new (0); + /* Encode and check the public key. */ rc = _gcry_ecc_eddsa_encodepoint (ec->Q, ec, NULL, NULL, 0, &encpk, &encpklen);