Comit 5151de30 tried to fix leaking memory when importing a key. However key_search_keyserver() writes to the key passed in, making the original uid and fingerprint unreachable, causing the new uid and fingerprint to double free. Fixes FS#71107 --- lib/libalpm/signing.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c index b1b50bc8..a7be3a1a 100644 --- a/lib/libalpm/signing.c +++ b/lib/libalpm/signing.c @@ -513,6 +513,10 @@ int _alpm_key_import(alpm_handle_t *handle, const char *uid, const char *fpr) .key = &fetch_key }; QUESTION(handle, &question); + + free(fetch_key.uid); + free(fetch_key.fingerprint); + if(question.import) { /* Try to import the key from a WKD first */ if(email_from_uid(uid, &email) == 0) { @@ -538,9 +542,6 @@ int _alpm_key_import(alpm_handle_t *handle, const char *uid, const char *fpr) } } gpgme_key_unref(fetch_key.data); - free(fetch_key.uid); - free(fetch_key.fingerprint); - return ret; } -- 2.31.1