[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
bernd.edlinger at hotmail.de
bernd.edlinger at hotmail.de
Thu Jan 31 18:14:24 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via 7193394aeea6422694bff5bb0c4f9e101f5ce44f (commit)
from 822e6d95e063a8fb6cd6b8e272dc5d9338c72601 (commit)
- Log -----------------------------------------------------------------
commit 7193394aeea6422694bff5bb0c4f9e101f5ce44f
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: Tue Jan 29 14:16:28 2019 +0100
Fix a memory leak with di2_X509_CRL reuse
Additionally avoid undefined behavior with
in-place memcpy in X509_CRL_digest.
Fixes #8099
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8112)
(cherry picked from commit a727627922b8a9ec6628ffaa2054b4b3833d674b)
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x_crl.c | 12 ++++++++++++
test/crltest.c | 15 +++++++++++++++
2 files changed, 27 insertions(+)
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index 10733b5..a326451 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -158,6 +158,18 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
int idx;
switch (operation) {
+ case ASN1_OP_D2I_PRE:
+ if (crl->meth->crl_free) {
+ if (!crl->meth->crl_free(crl))
+ return 0;
+ }
+ AUTHORITY_KEYID_free(crl->akid);
+ ISSUING_DIST_POINT_free(crl->idp);
+ ASN1_INTEGER_free(crl->crl_number);
+ ASN1_INTEGER_free(crl->base_crl_number);
+ sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
+ /* fall thru */
+
case ASN1_OP_NEW_POST:
crl->idp = NULL;
crl->akid = NULL;
diff --git a/test/crltest.c b/test/crltest.c
index 4d35fd4..6ce9890 100644
--- a/test/crltest.c
+++ b/test/crltest.c
@@ -357,6 +357,20 @@ static int test_unknown_critical_crl(int n)
return r;
}
+static int test_reuse_crl(void)
+{
+ X509_CRL *reused_crl = CRL_from_strings(kBasicCRL);
+ char *p;
+ BIO *b = glue2bio(kRevokedCRL, &p);
+
+ reused_crl = PEM_read_bio_X509_CRL(b, &reused_crl, NULL, NULL);
+
+ OPENSSL_free(p);
+ BIO_free(b);
+ X509_CRL_free(reused_crl);
+ return 1;
+}
+
int setup_tests(void)
{
if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot))
@@ -368,6 +382,7 @@ int setup_tests(void)
ADD_TEST(test_bad_issuer_crl);
ADD_TEST(test_known_critical_crl);
ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls));
+ ADD_TEST(test_reuse_crl);
return 1;
}
More information about the openssl-commits
mailing list