From 8e4bc16318833c2b78e816f49f6817a49899d689 Mon Sep 17 00:00:00 2001
From: Enrico Joerns
Date: Tue, 1 Mar 2022 22:07:04 +0100
Subject: [PATCH] src/signature: Fix leaking GString in get_pubkey_hash()

The variable 'string' will not be freed on error. Use g_autoptr to automatically free 'string' and use this to simplify code.
Fixes coverity issue:
| CID 1445505 (#1 of 1): Resource leak (RESOURCE_LEAK)
| 7. leaked_storage: Variable string going out of scope leaks the storage it points to
Signed-off-by: Enrico Joerns
---
 src/signature.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/src/signature.c b/src/signature.c
index 674ab937a..a51dd5cfa 100644
--- a/src/signature.c
+++ b/src/signature.c
@@ -604,8 +604,7 @@ GBytes *cms_sign(GBytes *content, gboolean detached, const gchar *certfile, cons
 gchar* get_pubkey_hash(X509 *cert)
 {
- gchar *data = NULL;
- GString *string;
+ g_autoptr(GString) string = NULL;
 g_autofree unsigned char *der_buf = NULL;
 unsigned char *tmp_buf = NULL;
 unsigned int len = 0;
@@ -620,7 +619,7 @@ gchar* get_pubkey_hash(X509 *cert)
 len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
 if (len <= 0) {
 g_warning("DER Encoding failed");
- goto out;
+ return NULL;
 }
 /* As i2d_X509_PUBKEY() moves pointer after end of data,
 * we must use a tmp pointer, here */
@@ -631,7 +630,7 @@ gchar* get_pubkey_hash(X509 *cert)
 if (!EVP_Digest(der_buf, len, md, &n, EVP_sha256(), NULL)) {
 g_warning("Error in EVP_Digest");
- goto out;
+ return NULL;
 }
 g_assert_cmpint(n, ==, SHA256_DIGEST_LENGTH);
@@ -641,9 +640,7 @@ gchar* get_pubkey_hash(X509 *cert)
 }
 g_string_truncate(string, SHA256_DIGEST_LENGTH * 3 - 1);
- data = g_string_free(string, FALSE);
-out:
- return data;
+ return g_string_free(string, FALSE);
 }
 gchar** get_pubkey_hashes(STACK_OF(X509) *verified_chain)
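Review bot: In the hunk at `@@ -620,7 +619,7 @@`, the `if (len <= 0)` guard cannot catch a failed encoding, because `len` is declared `unsigned int` in the first hunk and a negative return from `i2d_X509_PUBKEY()` wraps to a large positive value. That value passes the check and is then used as a length, as the later `EVP_Digest(der_buf, len, ...)` call shows; the buffer allocation itself lies outside the hunks, so its size argument is inferred. Holding the result in a signed variable first makes the check effective: `int ret = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);`, then `if (ret <= 0) { g_warning("DER Encoding failed"); return NULL; }` and `len = ret;`.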
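Review bot: The new `return g_string_free(string, FALSE);` in the last hunk (`@@ -641,9 +640,7 @@`) leaves `string` pointing at the GString that was just released, so the `g_autoptr` cleanup calls `g_string_free()` on it a second time when the function returns. That is a double free of the GString, and the cleanup also frees the character buffer being handed back to the caller, so the leak fix becomes a use-after-free on the success path. Ownership has to be taken from the auto pointer first: `return g_string_free(g_steal_pointer(&string), FALSE);`. The statement that creates `string` lies outside the hunks, so this assumes it is non-NULL here, which the preceding `g_string_truncate(string, ...)` call implies.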