diff options
author | Vivien Kraus <vivien@planete-kraus.eu> | 2021-05-17 23:46:31 +0200 |
---|---|---|
committer | Vivien Kraus <vivien@planete-kraus.eu> | 2021-05-18 00:49:21 +0200 |
commit | 1a52b8abb4ee98406d33c45eff5de9f6ca360bea (patch) | |
tree | 5d342a880b3e4da399dbd9b882176c350c770846 /src/jws/libwebidoidc-jws.c | |
parent | 70eb454bc21774b31bc0b17cb017bec831d5d695 (diff) |
Prevent memory error bug
I discovered this with the recent guile update. If dynwind_mpz_t_clear
is passed a copy of the mpz_t value, then the value living on the
stack of dynwind_mpz_t_clear will be registered for garbage
collection. However, that value becomes unreadable as soon as
dynwind_mpz_t_clear returns, because its location on the stack is
overriden.
Diffstat (limited to 'src/jws/libwebidoidc-jws.c')
-rw-r--r-- | src/jws/libwebidoidc-jws.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/jws/libwebidoidc-jws.c b/src/jws/libwebidoidc-jws.c index 4de3cbc..17ae6b5 100644 --- a/src/jws/libwebidoidc-jws.c +++ b/src/jws/libwebidoidc-jws.c @@ -135,7 +135,7 @@ SCM_DEFINE (webidoidc_jws_sign_g, "sign", 3, 0, 0, scm_throw (incompatible_alg, scm_list_2 (alg, key)); } mpz_init (c_sig); - dynwind_mpz_t_clear (c_sig); + dynwind_mpz_t_clear (&c_sig); if (scm_is_eq (alg, rs256) && rsa_sha256_sign_digest_tr (&c_pub, &c_key, NULL, &generate_random, c_digest, c_sig)) @@ -274,7 +274,7 @@ SCM_DEFINE (webidoidc_jws_verify_g, "verify", 4, 0, 0, scm_throw (incompatible_alg, scm_list_2 (alg, key)); } mpz_init (c_sig); - dynwind_mpz_t_clear (c_sig); + dynwind_mpz_t_clear (&c_sig); do_mpz_t_load (c_sig, signature, 1); if (scm_is_eq (alg, rs256)) { |