[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Rich Salz
rsalz at openssl.org
Tue Feb 21 19:36:08 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via ded9d1076cffc912ed7c40256b6202876a2b6caa (commit)
via 1d5936e478194798a287e165b81d27a1bcceaae8 (commit)
from c6a9f005be1cf8e29a0985643b27b9548bcfdee2 (commit)
- Log -----------------------------------------------------------------
commit ded9d1076cffc912ed7c40256b6202876a2b6caa
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: Sun Feb 19 20:13:45 2017 +0100
Fix some more memory leaks with TXT_DB_insert.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2684)
(cherry picked from commit 0fbaef9e64fa10446aff805791befaa2b967e322)
commit 1d5936e478194798a287e165b81d27a1bcceaae8
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: Sun Feb 19 18:12:03 2017 +0100
Fix a few memleaks in TXT_DB.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2684)
(cherry picked from commit 9ad52c562a93c9a57ae3024e54c575430753244c)
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 28 ++++++++++++++++++----------
apps/srp.c | 4 +---
crypto/txt_db/txt_db.c | 35 ++++++++++++++++++++++++++---------
3 files changed, 45 insertions(+), 22 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index 1fb7b08..350a748 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1838,10 +1838,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
}
irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row space");
- for (i = 0; i < DB_NUMBER; i++) {
+ for (i = 0; i < DB_NUMBER; i++)
irow[i] = row[i];
- row[i] = NULL;
- }
irow[DB_NUMBER] = NULL;
if (!TXT_DB_insert(db->db, irow)) {
@@ -1849,10 +1847,14 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
goto end;
}
+ irow = NULL;
ok = 1;
end:
- for (i = 0; i < DB_NUMBER; i++)
- OPENSSL_free(row[i]);
+ if (irow != NULL) {
+ for (i = 0; i < DB_NUMBER; i++)
+ OPENSSL_free(row[i]);
+ OPENSSL_free(irow);
+ }
X509_NAME_free(CAname);
X509_NAME_free(subject);
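Review bot: The cleanup at `end:` now frees `row[i]` only when `irow != NULL`, so any `goto end` taken after `row[]` entries are allocated but before `irow` is assigned would leak those strings. Those earlier paths are outside this hunk, as is the declaration of `irow`, which must be initialised to NULL for this test to be defined. The do_revoke hunk in the same file uses a pattern that avoids the dependency: after a successful insert run `for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;` and set `irow = NULL;`, then at `end:` free `row[i]` unconditionally and call `OPENSSL_free(irow);`. Using one hand-off convention in both functions also makes the ownership rule easier to audit.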
@@ -2061,19 +2063,26 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
row[DB_rev_date] = NULL;
row[DB_file] = OPENSSL_strdup("unknown");
+ if (row[DB_type] == NULL || row[DB_file] == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto end;
+ }
+
irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row ptr");
- for (i = 0; i < DB_NUMBER; i++) {
+ for (i = 0; i < DB_NUMBER; i++)
irow[i] = row[i];
- row[i] = NULL;
- }
irow[DB_NUMBER] = NULL;
if (!TXT_DB_insert(db->db, irow)) {
BIO_printf(bio_err, "failed to update database\n");
BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
+ OPENSSL_free(irow);
goto end;
}
+ for (i = 0; i < DB_NUMBER; i++)
+ row[i] = NULL;
+
/* Revoke Certificate */
if (type == -1)
ok = 1;
@@ -2106,9 +2115,8 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
}
ok = 1;
end:
- for (i = 0; i < DB_NUMBER; i++) {
+ for (i = 0; i < DB_NUMBER; i++)
OPENSSL_free(row[i]);
- }
return (ok);
}
diff --git a/apps/srp.c b/apps/srp.c
index add0100..253a3a3 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -92,10 +92,8 @@ static int update_index(CA_DB *db, char **row)
int i;
irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row pointers");
- for (i = 0; i < DB_NUMBER; i++) {
+ for (i = 0; i < DB_NUMBER; i++)
irow[i] = row[i];
- row[i] = NULL;
- }
irow[DB_NUMBER] = NULL;
if (!TXT_DB_insert(db->db, irow)) {
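Review bot: Because the copy loop no longer clears `row[i]`, the caller's `row[]` still aliases the strings that `db->db` owns after a successful insert, and a caller that frees `row[]` unconditionally would double free. The callers and the remainder of update_index are outside this hunk, so I cannot confirm that they free only on failure. A header comment on update_index would pin the contract, for example `/* On success the strings in row[] belong to db; on failure the caller must free them. */`.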
diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c
index 1432230..cf932a5 100644
--- a/crypto/txt_db/txt_db.c
+++ b/crypto/txt_db/txt_db.c
@@ -104,12 +104,15 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
}
*(p++) = '\0';
if ((n != num) || (*f != '\0')) {
+ OPENSSL_free(pp);
ret->error = DB_ERROR_WRONG_NUM_FIELDS;
goto err;
}
pp[n] = p;
- if (!sk_OPENSSL_PSTRING_push(ret->data, pp))
+ if (!sk_OPENSSL_PSTRING_push(ret->data, pp)) {
+ OPENSSL_free(pp);
goto err;
+ }
}
BUF_MEM_free(buf);
return ret;
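Review bot: The two added `OPENSSL_free(pp)` calls release only the row currently being parsed; rows pushed onto `ret->data` in earlier iterations are released only if the code at `err` (outside this hunk) frees each element and not just the stack itself. That is worth checking, since a malformed line late in a large index file would otherwise leak every row read before it. The push-failure branch also leaves `ret->error` unset, unlike the field-count branch just above it, which matters only if `ret` survives the `err` path.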
@@ -148,7 +151,7 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp)
{
LHASH_OF(OPENSSL_STRING) *idx;
- OPENSSL_STRING *r;
+ OPENSSL_STRING *r, *k;
int i, n;
if (field >= db->num_fields) {
@@ -165,13 +168,18 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
r = sk_OPENSSL_PSTRING_value(db->data, i);
if ((qual != NULL) && (qual(r) == 0))
continue;
- if ((r = lh_OPENSSL_STRING_insert(idx, r)) != NULL) {
+ if ((k = lh_OPENSSL_STRING_insert(idx, r)) != NULL) {
db->error = DB_ERROR_INDEX_CLASH;
- db->arg1 = sk_OPENSSL_PSTRING_find(db->data, r);
+ db->arg1 = sk_OPENSSL_PSTRING_find(db->data, k);
db->arg2 = i;
lh_OPENSSL_STRING_free(idx);
return (0);
}
+ if (lh_OPENSSL_STRING_retrieve(idx, r) == NULL) {
+ db->error = DB_ERROR_MALLOC;
+ lh_OPENSSL_STRING_free(idx);
+ return (0);
+ }
}
lh_OPENSSL_STRING_free(db->index[field]);
db->index[field] = idx;
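Review bot: The `lh_OPENSSL_STRING_retrieve` call straight after the insert reads as redundant unless the reader knows why it is there, so it needs a comment. From the way the result is used, a NULL return from insert appears to cover both "no previous entry" and an allocation failure, and the lookup is what tells them apart. I'd put `/* insert returns NULL on success and on malloc failure; look the row up to tell them apart */` above the new check, and the same comment on the matching `retrieve` check in the index loop of TXT_DB_insert. Keeping `r` intact by storing the clash result in `k` is the right call, since the old code overwrote the row pointer before the lookup.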
@@ -244,20 +252,29 @@ int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row)
}
}
}
- /* We have passed the index checks, now just append and insert */
- if (!sk_OPENSSL_PSTRING_push(db->data, row)) {
- db->error = DB_ERROR_MALLOC;
- goto err;
- }
for (i = 0; i < db->num_fields; i++) {
if (db->index[i] != NULL) {
if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0))
continue;
(void)lh_OPENSSL_STRING_insert(db->index[i], row);
+ if (lh_OPENSSL_STRING_retrieve(db->index[i], row) == NULL)
+ goto err1;
}
}
+ if (!sk_OPENSSL_PSTRING_push(db->data, row))
+ goto err1;
return (1);
+
+ err1:
+ db->error = DB_ERROR_MALLOC;
+ while (i-- > 0) {
+ if (db->index[i] != NULL) {
+ if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0))
+ continue;
+ (void)lh_OPENSSL_STRING_delete(db->index[i], row);
+ }
+ }
err:
return (0);
}
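Review bot: Nothing here documents the ownership rule that the apps/ca.c and apps/srp.c changes rely on: when TXT_DB_insert returns 0 via `err1`, the row has been removed from every index it was added to and is not on `db->data`, so the caller still owns it and must free it. I'd add a comment above `err1:` such as `/* undo index insertions; on failure the caller keeps ownership of row */`, and restore a short comment where the old "passed the index checks" line was removed, explaining that the indexes are updated before the push so a failure can be rolled back. The rollback calls `db->qual[i](row)` a second time and so assumes the qualifier gives the same answer on both calls; that assumption should be stated. The start of the function, including the clash checks that jump to `err`, is outside this hunk.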