[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Wed Jun 1 14:01:31 UTC 2016
The branch master has been updated
via f83b85fb0f46f7a3e92651f1e5eb7b1081fb8650 (commit)
via 7b0ee1353d0e3ece7986e12c6684f1aac7483cea (commit)
via a3768e0c9b8b80fadcab06afed77a9d27ed1b6dd (commit)
via 5bf7c7725b9cb44813dc78cf143c5c1d5aada02c (commit)
via fe2b7dfdf446088d5c1cc9dc9d49d131cc4ef7f9 (commit)
via 0461b7ea7bd1112c4fa357545fc8a456138ed3af (commit)
from 6493e4801e9edbe1ad1e256d4ce9cd55c8aa2242 (commit)
- Log -----------------------------------------------------------------
commit f83b85fb0f46f7a3e92651f1e5eb7b1081fb8650
Author: Matt Caswell <matt at openssl.org>
Date: Tue Apr 26 18:45:46 2016 +0100
Ensure an ASN1_OBJECT is freed in error paths
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 7b0ee1353d0e3ece7986e12c6684f1aac7483cea
Author: Matt Caswell <matt at openssl.org>
Date: Tue Apr 26 18:37:58 2016 +0100
Free allocated password strings on exit
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit a3768e0c9b8b80fadcab06afed77a9d27ed1b6dd
Author: Matt Caswell <matt at openssl.org>
Date: Tue Apr 26 18:33:03 2016 +0100
Free a BIO_ADDR if DTLSv1_listen return <=0
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 5bf7c7725b9cb44813dc78cf143c5c1d5aada02c
Author: Matt Caswell <matt at openssl.org>
Date: Tue Apr 26 18:29:49 2016 +0100
Ensure BIGNUM is freed in an error path
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit fe2b7dfdf446088d5c1cc9dc9d49d131cc4ef7f9
Author: Matt Caswell <matt at openssl.org>
Date: Tue Apr 26 18:28:03 2016 +0100
Free an X509_CRL in an error path
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 0461b7ea7bd1112c4fa357545fc8a456138ed3af
Author: Matt Caswell <matt at openssl.org>
Date: Tue Apr 26 18:25:39 2016 +0100
Don't leak X509_OBJECT in an error path
Swap the ordering of some code to avoid a leak in an error path.
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/apps.c | 4 +++-
apps/prime.c | 3 +--
apps/s_server.c | 8 +++++---
apps/srp.c | 2 ++
apps/x509.c | 7 ++++++-
5 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/apps/apps.c b/apps/apps.c
index a3e1794..fca3775 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1984,8 +1984,10 @@ static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX *ctx, X509_NAME *nm)
crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
crl = load_crl_crldp(crldp);
sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
- if (!crl)
+ if (!crl) {
+ sk_X509_CRL_free(crls);
return NULL;
+ }
sk_X509_CRL_push(crls, crl);
/* Try to download delta CRL */
crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
diff --git a/apps/prime.c b/apps/prime.c
index 940fd45..b0f5969 100644
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -119,9 +119,8 @@ int prime_main(int argc, char **argv)
}
}
- BN_free(bn);
-
ret = 0;
end:
+ BN_free(bn);
return ret;
}
diff --git a/apps/s_server.c b/apps/s_server.c
index 08753c3..dce02f0 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -576,13 +576,13 @@ static int cert_status_cb(SSL *s, void *arg)
BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n");
goto done;
}
- req = OCSP_REQUEST_new();
- if (req == NULL)
- goto err;
id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj));
X509_OBJECT_free(obj);
if (!id)
goto err;
+ req = OCSP_REQUEST_new();
+ if (req == NULL)
+ goto err;
if (!OCSP_request_add0_id(req, id))
goto err;
id = NULL;
@@ -2481,6 +2481,8 @@ static int init_ssl_connection(SSL *con)
BIO_ADDR_free(client);
dtlslisten = 0;
i = SSL_accept(con);
+ } else {
+ BIO_ADDR_free(client);
}
} else
#endif
diff --git a/apps/srp.c b/apps/srp.c
index d81346d..5ba9375 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -597,6 +597,8 @@ int srp_main(int argc, char **argv)
if (verbose)
BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
+ OPENSSL_free(passin);
+ OPENSSL_free(passout);
if (ret)
ERR_print_errors(bio_err);
if (randfile)
diff --git a/apps/x509.c b/apps/x509.c
index 56c6fcc..6419766 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -145,7 +145,7 @@ OPTIONS x509_options[] = {
int x509_main(int argc, char **argv)
{
ASN1_INTEGER *sno = NULL;
- ASN1_OBJECT *objtmp;
+ ASN1_OBJECT *objtmp = NULL;
BIO *out = NULL;
CONF *extconf = NULL;
EVP_PKEY *Upkey = NULL, *CApkey = NULL, *fkey = NULL;
@@ -277,6 +277,7 @@ int x509_main(int argc, char **argv)
if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL)
goto end;
sk_ASN1_OBJECT_push(trust, objtmp);
+ objtmp = NULL;
trustout = 1;
break;
case OPT_ADDREJECT:
@@ -290,6 +291,7 @@ int x509_main(int argc, char **argv)
&& (reject = sk_ASN1_OBJECT_new_null()) == NULL)
goto end;
sk_ASN1_OBJECT_push(reject, objtmp);
+ objtmp = NULL;
trustout = 1;
break;
case OPT_SETALIAS:
@@ -590,6 +592,7 @@ int x509_main(int argc, char **argv)
objtmp = sk_ASN1_OBJECT_value(trust, i);
X509_add1_trust_object(x, objtmp);
}
+ objtmp = NULL;
}
if (reject) {
@@ -597,6 +600,7 @@ int x509_main(int argc, char **argv)
objtmp = sk_ASN1_OBJECT_value(reject, i);
X509_add1_reject_object(x, objtmp);
}
+ objtmp = NULL;
}
if (num) {
@@ -885,6 +889,7 @@ int x509_main(int argc, char **argv)
ASN1_INTEGER_free(sno);
sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+ ASN1_OBJECT_free(objtmp);
OPENSSL_free(passin);
return (ret);
}
More information about the openssl-commits
mailing list