From b930bfa3777bb247295f73d18a478db5049a755d Mon Sep 17 00:00:00 2001
From: Vladimir Serbinenko <phcoder@gmail.com>
Date: Mon, 7 Jul 2025 14:52:20 +0000
Subject: [PATCH] libgcrypt: Fix a memory leak

Fixes: CID 468917

Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 .../lib/libgcrypt-patches/08_sexp_leak.patch  | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 grub-core/lib/libgcrypt-patches/08_sexp_leak.patch

diff --git a/grub-core/lib/libgcrypt-patches/08_sexp_leak.patch b/grub-core/lib/libgcrypt-patches/08_sexp_leak.patch
new file mode 100644
index 000000000..eefd0311e
--- /dev/null
+++ b/grub-core/lib/libgcrypt-patches/08_sexp_leak.patch
@@ -0,0 +1,21 @@
+sexp: Fix a memory leak
+
+Fixes: CID 468917
+
+Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
+
+diff -ur ../libgcrypt-1.11.0/src/sexp.c grub-core/lib/libgcrypt/src/sexp.c
+--- a/grub-core/lib/libgcrypt-grub/src/sexp.c	2024-03-28 10:07:27.000000000 +0000
++++ b/grub-core/lib/libgcrypt-grub/src/sexp.c	2025-07-02 17:10:32.714864459 +0000
+@@ -2725,8 +2725,10 @@
+   length = 0;
+   for (s=string; *s; s +=2 )
+     {
+-      if (!hexdigitp (s) || !hexdigitp (s+1))
++      if (!hexdigitp (s) || !hexdigitp (s+1)) {
++	free (buffer);
+         return NULL;           /* Invalid hex digits. */
++      }
+       ((unsigned char*)buffer)[length++] = xtoi_2 (s);
+     }
+   *r_length = length;
-- 
2.47.3