[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Tue May 8 07:50:53 UTC 2018


The branch OpenSSL_1_1_0-stable has been updated
       via  2ddfe60be50bfeebd64e01b123fd7176e7226c87 (commit)
      from  414d19d0341407b211c64729df37889e2c572e12 (commit)


- Log -----------------------------------------------------------------
commit 2ddfe60be50bfeebd64e01b123fd7176e7226c87
Author: Matt Caswell <matt at openssl.org>
Date:   Tue May 1 09:29:17 2018 +0100

    Fix a mem leak in CMS
    
    The function CMS_RecipientInfo_set0_pkey() is a "set0" and therefore
    memory management passes to OpenSSL. If the same function is called again
    then we should ensure that any previous value that was set is freed first
    before we set it again.
    
    Fixes #5052
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6142)
    
    (cherry picked from commit 3d551b20df1acd01f80d3ae00d37177e0fdf344a)

-----------------------------------------------------------------------

Summary of changes:
 crypto/cms/cms_env.c   | 1 +
 crypto/cms/cms_smime.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 8d45943..3ecda30 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -282,6 +282,7 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
         CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT);
         return 0;
     }
+    EVP_PKEY_free(ri->d.ktri->pkey);
     ri->d.ktri->pkey = pkey;
     return 1;
 }
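Review bot: The added `EVP_PKEY_free(ri->d.ktri->pkey);` runs unconditionally before the assignment, with no check for the caller passing the same pointer that is already stored. In that case one reference is dropped and the same pointer is stored again, which leaves `ri->d.ktri->pkey` dangling if that was the last reference. Consider guarding the free with `if (ri->d.ktri->pkey != pkey)`, or stating in the function's documentation that every call consumes one reference, including a repeated call with the same key. A stored value of NULL is not a concern, since `EVP_PKEY_free()` accepts NULL.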
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 7e7b6e5..76883bf 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -631,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
          * all.
          */
         else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
+            EVP_PKEY_up_ref(pk);
             CMS_RecipientInfo_set0_pkey(ri, pk);
             r = CMS_RecipientInfo_decrypt(cms, ri);
             CMS_RecipientInfo_set0_pkey(ri, NULL);
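Review bot: The return values of `EVP_PKEY_up_ref(pk);` and of the following `CMS_RecipientInfo_set0_pkey(ri, pk);` are both ignored. The cms_env.c hunk shows `CMS_RecipientInfo_set0_pkey()` returning 0 before it stores the key, and on that path the reference taken here is never released. Check both calls, and call `EVP_PKEY_free(pk)` if the set0 call fails. A short comment would also help: the up_ref exists only to balance the free that `CMS_RecipientInfo_set0_pkey(ri, NULL)` now performs, which is not obvious when this file is read on its own.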

