On Thu, Dec 10, 2015 at 01:16:48PM +0100, Kurt Roeckx wrote: > On Mon, Dec 07, 2015 at 03:47:56PM +0000, Michel via RT wrote: > > Hi, > > > > Following my previous mail, here attached is an updated patch against 1.02e > > to fix the SRP VBASE memory leaks. > > Can you confirm that this would be the correct patch for master?
The following patch should at least compile. Kurt
>From cf23497a5e6db5d43f0d7a5efc5aefc6666b8590 Mon Sep 17 00:00:00 2001 From: Kurt Roeckx <[email protected]> Date: Thu, 10 Dec 2015 13:17:08 +0100 Subject: [PATCH] Fix SRP VBASE memory leak Based on patch by [email protected] --- crypto/srp/srp_vfy.c | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index 1be68f2..172976b 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -72,6 +72,8 @@ static char b64table[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"; +static void SRP_gN_cache_free(SRP_gN_cache *gN_cache); + /* * the following two conversion routines have been inspired by code from * Stanford @@ -275,7 +277,7 @@ void SRP_VBASE_free(SRP_VBASE *vb) if (!vb) return; sk_SRP_user_pwd_pop_free(vb->users_pwd, SRP_user_pwd_free); - sk_SRP_gN_cache_free(vb->gN_cache); + sk_SRP_gN_cache_pop_free(vb->gN_cache, SRP_gN_cache_free); OPENSSL_free(vb->seed_key); OPENSSL_free(vb); } @@ -302,7 +304,7 @@ static SRP_gN_cache *SRP_gN_new_init(const char *ch) return NULL; } -static void SRP_gN_free(SRP_gN_cache *gN_cache) +static void SRP_gN_cache_free(SRP_gN_cache *gN_cache) { if (gN_cache == NULL) return; @@ -311,6 +313,16 @@ static void SRP_gN_free(SRP_gN_cache *gN_cache) OPENSSL_free(gN_cache); } +static void SRP_gN_free(SRP_gN *gN) +{ + if (gN == NULL) + return; + OPENSSL_free(gN->id); + BN_free(gN->g); + BN_free(gN->N); + OPENSSL_free(gN); +} + static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab) { int i; @@ -343,7 +355,7 @@ static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch) if (newgN) { if (sk_SRP_gN_cache_insert(gN_cache, newgN, 0) > 0) return newgN->bn; - SRP_gN_free(newgN); + SRP_gN_cache_free(newgN); } } return NULL; 
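Review bot: The new `SRP_gN_free()` in the `@@ -311,6 +313,16 @@` hunk calls `BN_free(gN->g)` and `BN_free(gN->N)`, but those BIGNUMs do not appear to belong to the `SRP_gN` entry. The `SRP_gN_place_bn()` context in the following hunk returns `newgN->bn` straight from an element it has just inserted into the `gN_cache` stack. If `gN->N` and `gN->g` are filled from that helper (the assignments fall outside the visible hunks), freeing them here leaves the cache entry pointing at a released BIGNUM, and `SRP_gN_cache_free()` frees it a second time when `SRP_VBASE_free()` runs. The patch's own cleanup loop after `err:` in the last hunk frees only `id` and the struct, which matches that ownership. I would drop the two `BN_free` lines so `SRP_gN_free()` releases only `gN->id` and `gN`, and add a comment such as `/* g and N are borrowed from vb->gN_cache; do not free them here */`.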
@@ -391,7 +403,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) * we add this couple in the internal Stack */ - if ((gN = OPENSSL_malloc(sizeof(*gN))) == NULL) + if ((gN = OPENSSL_zalloc(sizeof(*gN))) == NULL) goto err; if ((gN->id = BUF_strdup(pp[DB_srpid])) == NULL @@ -447,21 +459,16 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) error_code = SRP_NO_ERROR; err: - /* - * there may be still some leaks to fix, if this fails, the application - * terminates most likely - */ - - if (gN != NULL) { - OPENSSL_free(gN->id); - OPENSSL_free(gN); - } - + SRP_gN_free(gN); SRP_user_pwd_free(user_pwd); TXT_DB_free(tmpdb); BIO_free_all(in); + for (i=0; i < sk_SRP_gN_num(SRP_gN_tab); i++) { + OPENSSL_free(sk_SRP_gN_value(SRP_gN_tab, i)->id); + OPENSSL_free(sk_SRP_gN_value(SRP_gN_tab, i)); + } sk_SRP_gN_free(SRP_gN_tab); return error_code; -- 2.6.2
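Review bot: The switch from `OPENSSL_malloc` to `OPENSSL_zalloc` is what makes the new `SRP_gN_free(gN)` call at `err:` safe, and nothing in the code records that. If the `BUF_strdup` on the next line fails, the destructor receives a struct whose remaining pointer members were never assigned, so they must be NULL rather than heap garbage. A one-line comment above the allocation would stop a later cleanup from reverting it: `/* zeroed so SRP_gN_free() can run on a partially filled entry */`. The rest of the condition and the enclosing loop are outside the hunk.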
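Review bot: At `err:` the same `SRP_gN` can now be released twice unless `gN` is cleared once it has been inserted into `SRP_gN_tab`: `SRP_gN_free(gN)` frees it directly, and the new loop frees every element of the stack. The insert and any `gN = NULL;` after it sit outside this hunk, so this needs checking against the full body of `SRP_VBASE_init`. The label is also reached on success, because `error_code = SRP_NO_ERROR;` falls through into it, and the removed comment is not replaced. A short one such as `/* also reached on success: SRP_gN_tab is always torn down here */` would record that. Minor: `i=0` in the loop header should be `i = 0`.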
