RSA *d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
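pp should be an in parameter, but M_ASN1_D2I_Finish_2(a) modifies it
(see line 94 in crypto/asn1/asn1_mac.h): on return, *pp no longer points to
the start of the caller's buffer. If the caller kept no other copy of the
original pointer, the allocation can no longer be freed (a memory leak), and
calling free() on the modified pointer will core dump.
The code below demonstrates this; it keeps a second copy of the pointer (buffer2) so the allocation can still be freed: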
#include <stdio.h>
#include <stdlib.h>

#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
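/*
 * Demonstrates that d2i_RSAPrivateKey() modifies the pointer passed via pp.
 *
 * Reads a DER-encoded RSA private key from the file named by argv[1], decodes
 * it, and writes the matching public key in PEM form to stdout.  The pointer
 * handed to the decoder (buffer) is changed by the call, so the allocation
 * must be released through an untouched copy (buffer2).
 *
 * Returns 0 on success, 1 on any failure.
 */
int main(int argc, char* argv[])
{
    /* The read limit and the allocation size must be the same value: the
     * original allocated 1000 bytes but let fread() store up to 5000, which
     * is a heap overflow for any key file larger than 1000 bytes. */
    enum { KEY_BUF_SIZE = 5000 };

    RSA *rsa = NULL;
    BIO *out = NULL;
    FILE *key_file = NULL;
    unsigned char *buffer = NULL;   /* cursor: d2i_RSAPrivateKey() moves it */
    unsigned char *buffer2 = NULL;  /* owner: the pointer malloc() returned */
    size_t count;
    int rc = 1;

    if (argc < 2) {
        fprintf(stderr, "usage: %s <DER-encoded RSA private key file>\n",
                argc > 0 ? argv[0] : "d2i-demo");
        return 1;
    }

    /* DER is binary data, so open in binary mode. */
    key_file = fopen(argv[1], "rb");
    if (key_file == NULL) {
        perror(argv[1]);
        goto cleanup;
    }

    buffer = malloc(KEY_BUF_SIZE);
    if (buffer == NULL) {
        fprintf(stderr, "out of memory\n");
        goto cleanup;
    }
    buffer2 = buffer;

    /* read DER encoded RSA key; input beyond KEY_BUF_SIZE bytes is not read,
     * in which case the decode below is expected to fail */
    count = fread(buffer, 1, KEY_BUF_SIZE, key_file);
    if (ferror(key_file)) {
        perror(argv[1]);
        goto cleanup;
    }
    printf("read=%d\n", (int)count);

    out = BIO_new(BIO_s_file());
    if (out == NULL) {
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }
    BIO_set_fp(out, stdout, BIO_NOCLOSE);

    /* After this call buffer no longer points to the start of the allocation. */
    rsa = d2i_RSAPrivateKey(NULL, &buffer, (long)count);
    if (rsa == NULL) {
        /* Malformed or truncated input: do not hand NULL to the PEM writer. */
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    if (!PEM_write_bio_RSA_PUBKEY(out, rsa)) {
        ERR_print_errors_fp(stderr);
        goto cleanup;
    }

    rc = 0;

cleanup:
    if (rsa != NULL) {
        RSA_free(rsa);
    }
    if (out != NULL) {
        BIO_free(out);
    }
    /* free(buffer) would crash here: buffer was moved by the decoder and is
     * not the address malloc() returned.  buffer2 still is.
     * NOTE(review): the buffer holds private-key bytes; code that keeps
     * running after this point should wipe it before freeing (for example
     * with OPENSSL_cleanse(), where the library version provides it). */
    free(buffer2);
    if (key_file != NULL) {
        fclose(key_file);
    }
    return rc;
}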