[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Richard Levitte
levitte at openssl.org
Mon May 14 06:57:32 UTC 2018
The branch OpenSSL_1_0_2-stable has been updated
via 66e4a8944b894b9301226bad193a7d8ec330742d (commit)
from f54b665e29a0ed8df2ea322a1f9e1b8057f13894 (commit)
- Log -----------------------------------------------------------------
commit 66e4a8944b894b9301226bad193a7d8ec330742d
Author: Pavel Kopyl <p.kopyl at samsung.com>
Date: Fri Nov 3 18:18:59 2017 +0300
Fix memory leaks in CA related functions.
(cherry picked from commit aebd0e5ca12d1ba0b229a4121a54afa5ea2d8aa1)
Reviewed-by: Andy Polyakov <appro at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6238)
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 5 ++++-
apps/verify.c | 1 +
crypto/conf/conf_api.c | 2 ++
crypto/engine/eng_lib.c | 6 ++++--
4 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index 4f9de54..31e8773 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1176,10 +1176,13 @@ int MAIN(int argc, char **argv)
if (j > 0) {
total_done++;
BIO_printf(bio_err, "\n");
- if (!BN_add_word(serial, 1))
+ if (!BN_add_word(serial, 1)) {
+ X509_free(x);
goto err;
+ }
if (!sk_X509_push(cert_sk, x)) {
BIO_printf(bio_err, "Memory allocation failure\n");
+ X509_free(x);
goto err;
}
}
diff --git a/apps/verify.c b/apps/verify.c
index c4bd197..180ccf4 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -277,6 +277,7 @@ static int check(X509_STORE *ctx, char *file,
X509_STORE_set_flags(ctx, vflags);
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
ERR_print_errors(bio_err);
+ X509_STORE_CTX_free(csc);
goto end;
}
if (tchain)
diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index 4cf7553..60c9440 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -290,6 +290,8 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
vv = lh_CONF_VALUE_insert(conf->data, v);
OPENSSL_assert(vv == NULL);
+ if (lh_CONF_VALUE_error(conf->data) > 0)
+ goto err;
ok = 1;
err:
if (!ok) {
diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
index dc2abd2..b7a899f 100644
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
@@ -188,8 +188,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
if (!int_cleanup_check(1))
return;
item = int_cleanup_item(cb);
- if (item)
- sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
+ if (item != NULL) {
+ if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0)
+ OPENSSL_free(item);
+ }
}
/* The API function that performs all cleanup */
More information about the openssl-commits
mailing list