[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Matt Caswell
matt at openssl.org
Tue Feb 14 10:31:47 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via b37fce59cb7c48776361ac8cb8a808793016eefd (commit)
from 955286c9f38c11b8be719d632fa9267eb13467f8 (commit)
- Log -----------------------------------------------------------------
commit b37fce59cb7c48776361ac8cb8a808793016eefd
Author: Yuchi <yt8mn at virginia.edu>
Date: Sun Feb 5 19:33:47 2017 -0500
mem leak on error path and error propagation fix
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2559)
(cherry picked from commit e0670973d5c0b837eb5a9f1670e47107f466fbc7)
-----------------------------------------------------------------------
Summary of changes:
apps/ts.c | 8 +++++++-
crypto/ec/ec_ameth.c | 4 +++-
ssl/ssl_ciph.c | 2 +-
3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/apps/ts.c b/apps/ts.c
index eda5297..14c533b 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -890,9 +890,15 @@ static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest,
goto err;
f = TS_VFY_VERSION | TS_VFY_SIGNER;
if (data != NULL) {
+ BIO *out = NULL;
+
f |= TS_VFY_DATA;
- if (TS_VERIFY_CTX_set_data(ctx, BIO_new_file(data, "rb")) == NULL)
+ if ((out = BIO_new_file(data, "rb")) == NULL)
+ goto err;
+ if (TS_VERIFY_CTX_set_data(ctx, out) == NULL) {
+ BIO_free_all(out);
goto err;
+ }
} else if (digest != NULL) {
long imprint_len;
unsigned char *hexstr = OPENSSL_hexstr2buf(digest, &imprint_len);
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 66437e0..fa5bd03 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -254,8 +254,10 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
}
if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
- ptype, pval, ep, eplen))
+ ptype, pval, ep, eplen)) {
+ OPENSSL_free(ep);
return 0;
+ }
return 1;
}
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 99b64bb..dad2ec1 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1827,7 +1827,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
if (id < 193 || id > 255) {
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
- return 0;
+ return 1;
}
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
More information about the openssl-commits
mailing list