[gnome-keyring] gkm-gnome2-file: Fix leaks in create_cipher()
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-keyring] gkm-gnome2-file: Fix leaks in create_cipher()
- Date: Tue, 14 Oct 2014 16:18:44 +0000 (UTC)
commit 04129e8d2c1cb8a0f5d6944d4bb7fa45f7171a2a
Author: Christophe Fergeau <cfergeau redhat com>
Date: Mon Sep 15 19:21:36 2014 +0200
gkm-gnome2-file: Fix leaks in create_cipher()
'key' and 'iv' were allocated before calling
egg_symkey_generate_simple() but this function allocates the memory
needed for the 'key' and 'iv' return value, so the memory which was
allocated in create_cipher() is lost and leaked.
This also uses egg_secure_memory_free() to free 'key' memory as
egg_symkey_generate_simple() allocates it with egg_secure_alloc().
https://bugzilla.gnome.org/show_bug.cgi?id=738508
pkcs11/gnome2-store/gkm-gnome2-file.c | 11 ++---------
1 files changed, 2 insertions(+), 9 deletions(-)
---
diff --git a/pkcs11/gnome2-store/gkm-gnome2-file.c b/pkcs11/gnome2-store/gkm-gnome2-file.c
index d533fbb..eb085b5 100644
--- a/pkcs11/gnome2-store/gkm-gnome2-file.c
+++ b/pkcs11/gnome2-store/gkm-gnome2-file.c
@@ -363,31 +363,24 @@ create_cipher (GkmSecret *login, int calgo, int halgo, const guchar *salt,
n_block = gcry_cipher_get_algo_blklen (calgo);
g_return_val_if_fail (n_block, FALSE);
- /* Allocate memory for the keys */
- key = gcry_malloc_secure (n_key);
- g_return_val_if_fail (key, FALSE);
- iv = g_malloc0 (n_block);
-
password = gkm_secret_get_password (login, &n_password);
if (!egg_symkey_generate_simple (calgo, halgo, password, n_password,
salt, n_salt, iterations, &key, &iv)) {
- gcry_free (key);
- g_free (iv);
return FALSE;
}
gcry = gcry_cipher_open (cipher, calgo, GCRY_CIPHER_MODE_CBC, 0);
if (gcry) {
g_warning ("couldn't create cipher context: %s", gcry_strerror (gcry));
- gcry_free (key);
+ egg_secure_free (key);
g_free (iv);
return FALSE;
}
gcry = gcry_cipher_setkey (*cipher, key, n_key);
g_return_val_if_fail (!gcry, FALSE);
- gcry_free (key);
+ egg_secure_free (key);
gcry = gcry_cipher_setiv (*cipher, iv, n_block);
g_return_val_if_fail (!gcry, FALSE);
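Review bot: The `g_return_val_if_fail (!gcry, FALSE);` that follows `gcry_cipher_setkey` returns before `egg_secure_free (key)` runs, so on a setkey failure the derived key stays allocated in secure memory, and `iv` and the already opened `*cipher` handle are not released on that path either. Freeing first closes the key part of this: `gcry = gcry_cipher_setkey (*cipher, key, n_key);` then `egg_secure_free (key);` then the check. The same pattern after `gcry_cipher_setiv` appears to leave `iv` unreleased on failure, although the code that frees `iv` is outside this hunk, as are the start and end of create_cipher. Since `g_return_val_if_fail` is compiled out when GLib is built with `G_DISABLE_CHECKS`, an explicit `if (gcry) { ... return FALSE; }` with cleanup, like the one used for `gcry_cipher_open`, would be a safer way to handle these runtime errors.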