We have a scan tool that has detected a resource leak if the call to
BIO_new fails to allocate memory. The 'file' pointer is not cleaned up.
97 BIO *BIO_new_file(const char *filename, const char *mode)
98 {
99 BIO *ret;
100 FILE *file;
101
Event alloc_fn: Called allocation function "fopen"
Event var_assign: Assigned variable "file" to storage returned from
"fopen"
At conditional (1): "file = fopen == 0" taking false path
102 if ((file=fopen(filename,mode)) == NULL)
103 {
104 SYSerr(SYS_F_FOPEN,get_last_sys_error());
105
ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
106 if (errno == ENOENT)
107
BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
108 else
109
BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
110 return(NULL);
111 }
At conditional (2): "ret = BIO_new == 0" taking true path
112 if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
Event leaked_storage: Returned without freeing storage "file"
113 return(NULL);
114
115 BIO_set_fp(ret,file,BIO_CLOSE);
116 return(ret);
117 }
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
