The branch master has been updated via aebd0e5ca12d1ba0b229a4121a54afa5ea2d8aa1 (commit) from c4fa1f7fc016919a5b3d4ea2aa66c77e0cc40c9d (commit)
- Log ----------------------------------------------------------------- commit aebd0e5ca12d1ba0b229a4121a54afa5ea2d8aa1 Author: Pavel Kopyl <p.ko...@samsung.com> Date: Fri Nov 3 18:18:59 2017 +0300 Fix memory leaks in CA related functions. Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4700) ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 5 ++++- apps/verify.c | 1 + crypto/conf/conf_api.c | 4 +++- crypto/engine/eng_lib.c | 6 ++++-- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index ea774ad..afc5e34 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -934,10 +934,13 @@ end_of_options: if (j > 0) { total_done++; BIO_printf(bio_err, "\n"); - if (!BN_add_word(serial, 1)) + if (!BN_add_word(serial, 1)) { + X509_free(x); goto end; + } if (!sk_X509_push(cert_sk, x)) { BIO_printf(bio_err, "Memory allocation failure\n"); + X509_free(x); goto end; } } diff --git a/apps/verify.c b/apps/verify.c index 5ad6ef4..38377a5 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -225,6 +225,7 @@ static int check(X509_STORE *ctx, const char *file, X509_STORE_set_flags(ctx, vflags); if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { + X509_STORE_CTX_free(csc); printf("error %s: X.509 store context initialization failed\n", (file == NULL) ? "stdin" : file); goto end; diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index ade5483..9606b7f 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -204,12 +204,14 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) v->value = (char *)sk; vv = lh_CONF_VALUE_insert(conf->data, v); - if (vv != NULL) + if (vv != NULL || lh_CONF_VALUE_error(conf->data) > 0) goto err; return v; err: sk_CONF_VALUE_free(sk); + if (v != NULL) + OPENSSL_free(v->section); OPENSSL_free(v); return NULL; } diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 95736ed..9028319 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -154,8 +154,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) if (!int_cleanup_check(1)) return; item = int_cleanup_item(cb); - if (item) - sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item); + if (item != NULL) { + if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0) + OPENSSL_free(item); + } } /* The API function that performs all cleanup */ _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits