1 From: Werner Koch <wk@gnupg.org>
2 Date: Sun, 5 Mar 2017 23:24:15 +0100
3 Subject: gpg: Fix attempt to double free an UID structure.
5 * g10/getkey.c (get_best_pubkey_byname): Set released .UID to NULL.
8 Phil Pennock reported an assertion failure when doing
10 % gpg --auto-key-locate dane --locate-keys someone
11 gpg: Ohhhh jeeee: Assertion "uid->ref > 0" in \
12 free_user_id failed (free-packet.c:310)
14 on his keyring. This patch is not tested but a good guess.
16 Signed-off-by: Werner Koch <wk@gnupg.org>
17 (cherry picked from commit 4a130bbc2c2f4be6e8c6357512a943f435ade28f)
19 g10/getkey.c | 9 +++++++--
20 1 file changed, 7 insertions(+), 2 deletions(-)
22 diff --git a/g10/getkey.c b/g10/getkey.c
23 index e39de28..21dcf08 100644
26 @@ -1592,8 +1592,10 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
27 if (is_valid_mailbox (name) && ctx)
29 /* Rank results and return only the most relevant key. */
30 - struct pubkey_cmp_cookie best = { 0 }, new;
31 - KBNODE new_keyblock;
32 + struct pubkey_cmp_cookie best = { 0 };
33 + struct pubkey_cmp_cookie new;
34 + kbnode_t new_keyblock;
36 while (getkey_next (ctx, &new.key, &new_keyblock) == 0)
38 int diff = pubkey_cmp (ctrl, name, &best, &new, new_keyblock);
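Review bot: In this hunk `best` keeps its `{ 0 }` initialiser but `new` is now declared on its own line without one, so `new.uid` is indeterminate until `pubkey_cmp` assigns it. `pubkey_cmp` is not shown here; if any path through it leaves `uid` unset, the `free_user_id (new.uid)` calls in the second hunk would act on an indeterminate pointer on the first iteration, or possibly on a pointer carried over from the previous one. I would declare it as `struct pubkey_cmp_cookie new = { 0 };`, and, if `pubkey_cmp` does not always write the field, also reset `new.uid = NULL;` at the top of each loop iteration. Since the commit message says the patch is untested, a regression case for the reported `--auto-key-locate dane --locate-keys` assertion would help confirm that the ownership of `uid` is right. The body of `get_best_pubkey_byname` starts and ends outside this hunk.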
39 @@ -1610,17 +1612,20 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
40 /* Old key is better. */
41 release_public_key_parts (&new.key);
42 free_user_id (new.uid);
47 /* A tie. Keep the old key. */
48 release_public_key_parts (&new.key);
49 free_user_id (new.uid);
55 free_user_id (best.uid);