Page MenuHome GnuPG - static
Create Task
Maniphest T5385

libgcrypt coverity static analysis reports
Closed, ResolvedPublic
Actions

Description

the coverity scan reported couple of issues in libgcrypt. Ignoring the tests memory leaks and false positives, one looks like a real issue:

Error: RESOURCE_LEAK (CWE-772): [#def8]
libgcrypt-1.9.1/cipher/ecc-eddsa.c:997: alloc_fn: Storage is returned from allocation function "_gcry_mpi_new".
libgcrypt-1.9.1/cipher/ecc-eddsa.c:997: var_assign: Assigning: "s" = storage returned from "_gcry_mpi_new(0U)".
libgcrypt-1.9.1/cipher/ecc-eddsa.c:1006: leaked_storage: Variable "s" going out of scope leaks the storage it points to.
# 1004|       b++;
# 1005|     else
# 1006|->     return GPG_ERR_NOT_IMPLEMENTED;
# 1007|   
# 1008|     /* Encode and check the public key.  */

The patch to address this issue is attached:

libgcrypt-coverity.patch927 BDownload

Revisions and Commits

rC libgcrypt
rCa8d6c6c1b258 cipher: Fix memory leaks for EdDSA.

Related Objects

Event Timeline

Jakuje created this task.Apr 7 2021, 5:15 PM
werner triaged this task as Low priority.Apr 7 2021, 6:22 PM
werner added a subscriber: werner.

Yes, will be fixed but it has no severity because the fault is actually by the caller.

gniibe closed this task as Resolved.Apr 15 2021, 9:13 AM
gniibe claimed this task.
gniibe added a subscriber: gniibe.

Thank you.
We also need to release memory for points.

And... reviewing this patch, I found another (real) leak.

Applied and pushed in rCa8d6c6c1b258: cipher: Fix memory leaks for EdDSA..

gniibe added a commit: rCa8d6c6c1b258: cipher: Fix memory leaks for EdDSA..Apr 15 2021, 9:14 AM
werner mentioned this in T5305: Release Libgcrypt 1.9.3.Apr 19 2021, 11:11 PM