File gnupg-CVE-2025-30258-Fix-double-free-of-internal-data.patch of Package gpg2.41297

From 0666a8858fafefb6664c976eb94b73550a7e3da4 Mon Sep 17 00:00:00 2001                        
From: Werner Koch <wk@gnupg.org>                                                              
Date: Thu, 13 Mar 2025 11:35:34 +0100                                                         
Subject: [PATCH 6/6] gpg: Fix double free of internal data.                               
                                                                                              
* g10/sig-check.c (check_signature_over_key_or_uid): Do not free in                           
no-sig-cache mode if allocated by caller.                                                     
--                                                                                            
                                                                                              
GnuPG-bug-id: 7547                                                                            
Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec                                        
Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>

Index: gnupg-2.2.27/g10/sig-check.c
===================================================================
--- gnupg-2.2.27.orig/g10/sig-check.c
+++ gnupg-2.2.27/g10/sig-check.c
@@ -927,7 +927,8 @@ check_signature_over_key_or_uid (ctrl_t
               rc = get_pubkey_for_sig (ctrl, signer, sig, NULL, NULL);
               if (rc)
                 {
-                  xfree (signer);
+                  if (signer_alloced != 1)
+                    xfree (signer);
                   signer = NULL;
                   signer_alloced = 0;
                   goto leave;
Places

File gnupg-CVE-2025-30258-Fix-double-free-of-internal-data.patch of Package gpg2.41297

Places
