1 files changed, 38 insertions, 0 deletions

diff --git a/backport-Fix-memory-leak-in-pgpPrtParams.patch b/backport-Fix-memory-leak-in-pgpPrtParams.patch
new file mode 100644
index 0000000..72db05c
--- /dev/null
+++ b/backport-Fix-memory-leak-in-pgpPrtParams.patch
@@ -0,0 +1,38 @@
+From b6dffb6dc5ffa2ddc389743f0507876cab341315 Mon Sep 17 00:00:00 2001
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Fri, 7 Jan 2022 16:10:26 +0100
+Subject: [PATCH] Fix memory leak in pgpPrtParams()
+
+Make sure selfsig is freed in case we break out of the loop in this
+block.
+
+Note that the tests added with the binding validation commit bd36c5d do
+not cover this code path so valgrind won't show this.
+---
+ rpmio/rpmpgp.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
+index 1e4f667..3560328 100644
+--- a/rpmio/rpmpgp.c
++++ b/rpmio/rpmpgp.c
+@@ -1147,12 +1147,11 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
+ 
+ 	if (selfsig) {
+ 	    /* subkeys must be followed by binding signature */
+-	    if (prevtag == PGPTAG_PUBLIC_SUBKEY) {
+-		if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING)
+-		    break;
+-	    }
++	    int xx = 1; /* assume failure */
+ 
+-	    int xx = pgpVerifySelf(digp, selfsig, all, i);
++	    if (!(prevtag == PGPTAG_PUBLIC_SUBKEY &&
++		  selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING))
++		xx = pgpVerifySelf(digp, selfsig, all, i);
+ 
+ 	    selfsig = pgpDigParamsFree(selfsig);
+ 	    if (xx)
+-- 
+1.8.3.1
+