[openssl-commits] [openssl] master update

bernd.edlinger at hotmail.de bernd.edlinger at hotmail.de
Thu Jan 31 18:12:58 UTC 2019


The branch master has been updated
       via  a727627922b8a9ec6628ffaa2054b4b3833d674b (commit)
      from  62b563b9df161a992fde18a0cb0d1a0969158412 (commit)


- Log -----------------------------------------------------------------
commit a727627922b8a9ec6628ffaa2054b4b3833d674b
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Tue Jan 29 14:16:28 2019 +0100

    Fix a memory leak with di2_X509_CRL reuse
    
    Additionally avoid undefined behavior with
    in-place memcpy in X509_CRL_digest.
    
    Fixes #8099
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/8112)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x_crl.c | 12 ++++++++++++
 test/crltest.c      | 15 +++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index 89e13e8..3984f01 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -158,6 +158,18 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
     int idx;
 
     switch (operation) {
+    case ASN1_OP_D2I_PRE:
+        if (crl->meth->crl_free) {
+            if (!crl->meth->crl_free(crl))
+                return 0;
+        }
+        AUTHORITY_KEYID_free(crl->akid);
+        ISSUING_DIST_POINT_free(crl->idp);
+        ASN1_INTEGER_free(crl->crl_number);
+        ASN1_INTEGER_free(crl->base_crl_number);
+        sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
+        /* fall thru */
+
     case ASN1_OP_NEW_POST:
         crl->idp = NULL;
         crl->akid = NULL;
diff --git a/test/crltest.c b/test/crltest.c
index 3b0fab7..6a2ef4e 100644
--- a/test/crltest.c
+++ b/test/crltest.c
@@ -357,6 +357,20 @@ static int test_unknown_critical_crl(int n)
     return r;
 }
 
+static int test_reuse_crl(void)
+{
+    X509_CRL *reused_crl = CRL_from_strings(kBasicCRL);
+    char *p;
+    BIO *b = glue2bio(kRevokedCRL, &p);
+
+    reused_crl = PEM_read_bio_X509_CRL(b, &reused_crl, NULL, NULL);
+
+    OPENSSL_free(p);
+    BIO_free(b);
+    X509_CRL_free(reused_crl);
+    return 1;
+}
+
 int setup_tests(void)
 {
     if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot))
@@ -368,6 +382,7 @@ int setup_tests(void)
     ADD_TEST(test_bad_issuer_crl);
     ADD_TEST(test_known_critical_crl);
     ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls));
+    ADD_TEST(test_reuse_crl);
     return 1;
 }
 


More information about the openssl-commits mailing list