[openssl.org #3278] Patch: Memory leak in p12_kiss.c in int parse_bag(PKCS12_SAFEBAG *bag

František Bořánek via RT Wed, 05 Mar 2014 11:42:12 -0800

Hi,I found, fixed and verified this memory leak. I've checked latest source 
code and memory leak wasn't fixed yet.   Version: openssl-1.0.1eOS: all affected


Regards,
František Bořánek
developer - Kerio Connect
.................................................................
Kerio Technologies s. r. o.
Anglicke nabrezi 1, 301 49 Plzen
Czech Republic
tel. +420 378 225 158
http://www.kerio.com
.................................................................
Connect. Communicate. Collaborate. Securely.

--- crypto/pkcs12/p12_kiss.c    2013-02-11 16:26:04.000000000 +0100
+++ crypto/pkcs12/p12_kiss.c    2014-01-24 17:12:23.000000000 +0100
@@ -278,6 +278,9 @@ static int parse_bag(PKCS12_SAFEBAG *bag
                                        return 0;
                                        }
                        }
+                       else if (len > -1) {
+                               OPENSSL_free(data); // just free zero length 
string
+                       }
                }
 
                if(!sk_X509_push(ocerts, x509))

[openssl.org #3278] Patch: Memory leak in p12_kiss.c in int parse_bag(PKCS12_SAFEBAG *bag

Reply via email to