File gnupg-CVE-2025-30258-fix.patch of Package gpg2

From c1b965cd92206ba75d6bcc9a1e95b6e500433949 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 13 Mar 2025 11:35:34 +0100
Subject: [PATCH 10/20] gpg: Fix double free of internal data.

* g10/sig-check.c (check_signature_over_key_or_uid): Do not free in
no-sig-cache mode if allocated by caller.
--

GnuPG-bug-id: 7547
Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec

diff --git a/g10/sig-check.c b/g10/sig-check.c
index 42eebcda8..e09be3d75 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -1007,7 +1007,8 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
               rc = get_pubkey_for_sig (ctrl, signer, sig, NULL, NULL);
               if (rc)
                 {
-                  xfree (signer);
+                  if (signer_alloced != 1)
+                    xfree (signer);
                   signer = NULL;
                   signer_alloced = 0;
                   goto leave;
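Review bot: The new guard `if (signer_alloced != 1)` in the `if (rc)` error branch depends on an unexplained magic value, so the ownership rule that prevents the double free cannot be read from the code. Going by the commit message, 1 appears to mean that SIGNER is a buffer supplied by the caller; a comment such as `/* SIGNER_ALLOCED == 1: buffer belongs to the caller, do not free it here. */` above the test would record that. A positive test for the locally allocated state would also be safer than `!= 1`, because any state value added later would otherwise fall into the xfree path by default. The assignments to signer_alloced and the cleanup at `leave` are outside the hunk, so the exact state values should be confirmed there.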
-- 
2.48.1
