The branch master has been updated via a268ed3acf16948c0e19ba67b2b3f89b3312a416 (commit) via 871881856fa1da2c175b17c52f6b0b1c15d791a1 (commit) via 30f3b4e1c15cda063ed3e5ffc893b202afd671a3 (commit) via e2d66c0d007ad8bcf80890dadf681135d24d86cd (commit) via 48ff651eccf2f43ddbc221a0f9ddac57169aa255 (commit) from 4f14a378f807e989aa0b328267732409c8d6ac68 (commit)
- Log ----------------------------------------------------------------- commit a268ed3acf16948c0e19ba67b2b3f89b3312a416 Author: Pauli <paul.d...@oracle.com> Date: Mon Sep 14 07:50:40 2020 +1000 free memory use on error in cert verify Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Kurt Roeckx <k...@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12870) commit 871881856fa1da2c175b17c52f6b0b1c15d791a1 Author: Pauli <paul.d...@oracle.com> Date: Mon Sep 14 07:47:26 2020 +1000 generate_cookie_callback: free temporary memory on an error path Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Kurt Roeckx <k...@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12870) commit 30f3b4e1c15cda063ed3e5ffc893b202afd671a3 Author: Pauli <paul.d...@oracle.com> Date: Mon Sep 14 07:44:45 2020 +1000 PKCS5 PBE: free allocations on unlikely / impossible failure path Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Kurt Roeckx <k...@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12870) commit e2d66c0d007ad8bcf80890dadf681135d24d86cd Author: Pauli <paul.d...@oracle.com> Date: Mon Sep 14 07:40:58 2020 +1000 PKCS#8: free data on error path in newpass_bag Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Kurt Roeckx <k...@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12870) commit 48ff651eccf2f43ddbc221a0f9ddac57169aa255 Author: Pauli <paul.d...@oracle.com> Date: Mon Sep 14 07:36:02 2020 +1000 DTLS: free allocated memory on error paths Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Kurt Roeckx <k...@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12870) ----------------------------------------------------------------------- Summary of changes: apps/lib/s_cb.c | 1 + crypto/evp/p5_crpt.c | 2 +- crypto/pkcs12/p12_npas.c | 4 +++- crypto/x509/x509_vfy.c | 1 + ssl/statem/statem_dtls.c | 8 ++++++-- 5 files changed, 12 insertions(+), 4 
deletions(-)
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index ec52cef158..72fb98402d 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -786,6 +786,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
 /* Create buffer with peer's address and port */
 if (!BIO_ADDR_rawaddress(peer, NULL, &length)) {
 BIO_printf(bio_err, "Failed getting peer address\n");
+ BIO_ADDR_free(lpeer);
 return 0;
 }
 OPENSSL_assert(length != 0);
diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
index 4e9603757b..7e9a80e5c0 100644
--- a/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
@@ -91,7 +91,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
 goto err;
 mdsize = EVP_MD_size(md);
 if (mdsize < 0)
- return 0;
+ goto err;
 for (i = 1; i < iter; i++) {
 if (!EVP_DigestInit_ex(ctx, md, NULL))
 goto err;
diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
index ee35c45abb..7f04ce10de 100644
--- a/crypto/pkcs12/p12_npas.c
+++ b/crypto/pkcs12/p12_npas.c
@@ -157,8 +157,10 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
 if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)
 return 0;
 X509_SIG_get0(bag->value.shkeybag, &shalg, NULL);
- if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen))
+ if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen)) {
+ PKCS8_PRIV_KEY_INFO_free(p8);
 return 0;
+ }
 p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, p8_iter, p8);
 PKCS8_PRIV_KEY_INFO_free(p8);
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 5520f08e28..f234ec0df6 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3214,6 +3214,7 @@ static int build_chain(X509_STORE_CTX *ctx)
 }
 self_signed = X509_self_signed(x, 0);
 if (self_signed < 0) {
+ sk_X509_free(sktmp);
 ctx->error = X509_V_ERR_UNSPECIFIED;
 return 0;
 }
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index 564829c808..84ae35b655 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
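Review bot: In the apps/lib/s_cb.c hunk the new cleanup frees `lpeer` while the failing call operates on `peer`, and nothing visible in the hunk says how the two relate. A short comment at the free, for example `/* lpeer is the address this function allocated, if any */`, would make it clear why `peer` itself is not released. Cookie generation presumably runs before the peer is verified, so a leak on this path is one a remote party could trigger repeatedly; any other early return that follows the allocation should get the same cleanup. generate_cookie_callback starts and ends outside the hunk.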
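Review bot: The `mdsize < 0` guard in PKCS5_PBE_keyivgen (crypto/evp/p5_crpt.c) still lets a digest size of 0 reach the iteration loop. If `mdsize` is the length fed back into each round (the loop body is outside the hunk), `if (mdsize <= 0)` followed by `goto err;` would reject that case as well. The `err:` label is also outside the hunk, so it is worth confirming that it clears the intermediate digest and key buffers, since this path derives key material from a password.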
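Review bot: In newpass_bag (crypto/pkcs12/p12_npas.c) the decrypted key `p8` is now freed at two sites, and the new one is needed only because `alg_get()` runs after `PKCS8_decrypt()`. Both `X509_SIG_get0()` and `alg_get()` read `bag->value.shkeybag` and `shalg`, not `p8`, so the two calls could move above the decrypt. The parameter check would then fail before any private key is decrypted, and the extra `PKCS8_PRIV_KEY_INFO_free(p8)` would not be needed. The function continues past the hunk.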
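Review bot: The added `sk_X509_free(sktmp)` in build_chain (crypto/x509/x509_vfy.c) releases only the stack, not the certificates it points to, and nothing in the hunk says whether that is intended. If `sktmp` holds borrowed pointers (its construction is outside the hunk), a comment such as `/* sktmp holds borrowed references; free the container only */` would keep a later edit from switching to `sk_X509_pop_free`. Other early returns in build_chain are not visible here and may need the same cleanup.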
@@ -1051,12 +1051,16 @@ int dtls1_buffer_message(SSL *s, int is_ccs)
 if (!ossl_assert(s->d1->w_msg_hdr.msg_len + ((s->version == DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH)
- == (unsigned int)s->init_num))
+ == (unsigned int)s->init_num)) {
+ dtls1_hm_fragment_free(frag);
 return 0;
+ }
 } else {
 if (!ossl_assert(s->d1->w_msg_hdr.msg_len +
- DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num))
+ DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num)) {
+ dtls1_hm_fragment_free(frag);
 return 0;
+ }
 }
 frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
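Review bot: The same cleanup (`dtls1_hm_fragment_free(frag); return 0;`) is now repeated in both branches of dtls1_buffer_message, so a later edit can change one copy and miss the other. Computing the expected header length first and checking once leaves a single failure path that frees `frag`. The branch condition is outside the hunk; the sketch below assumes it is `is_ccs` from the signature and that `msg_len` is compatible with `size_t`.

```c
size_t hdr_len;

/* … unchanged: code above the hunk … */
if (is_ccs)
    hdr_len = (s->version == DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH;
else
    hdr_len = DTLS1_HM_HEADER_LENGTH;

if (!ossl_assert(s->d1->w_msg_hdr.msg_len + hdr_len
                 == (unsigned int)s->init_num)) {
    dtls1_hm_fragment_free(frag);
    return 0;
}
frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
```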