[openssl] master update
tomas at openssl.org
tomas at openssl.org
Tue Oct 12 14:45:53 UTC 2021
The branch master has been updated
via 374d5cf2f6b8bdf87c04b5e293a7d291f2c23203 (commit)
via 922422119df1f6aabd2a15e6e4108d98b6143adf (commit)
from 58608487a44b3991ecc6d431d6273b2ca8c980a6 (commit)
- Log -----------------------------------------------------------------
commit 374d5cf2f6b8bdf87c04b5e293a7d291f2c23203
Author: Tomas Mraz <tomas at openssl.org>
Date: Mon Oct 11 15:04:46 2021 +0200
cmp_vfy.c, encoder_lib.c: Fix potential leak of a BIO
Fixes #16787
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16804)
commit 922422119df1f6aabd2a15e6e4108d98b6143adf
Author: Tomas Mraz <tomas at openssl.org>
Date: Mon Oct 11 15:03:47 2021 +0200
ctrl_params_translate: Fix leak of BN_CTX
Also add a missing allocation failure check.
Fixes #16788
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16804)
-----------------------------------------------------------------------
Summary of changes:
crypto/cmp/cmp_vfy.c | 4 +++-
crypto/encode_decode/encoder_lib.c | 7 +++++--
crypto/evp/ctrl_params_translate.c | 3 +++
3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index aa4665a562..b9d6fc2bdd 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -27,12 +27,14 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,
{
OSSL_CMP_PROTECTEDPART prot_part;
EVP_PKEY *pubkey = NULL;
- BIO *bio = BIO_new(BIO_s_mem()); /* may be NULL */
+ BIO *bio;
int res = 0;
if (!ossl_assert(cmp_ctx != NULL && msg != NULL && cert != NULL))
return 0;
+ bio = BIO_new(BIO_s_mem()); /* may be NULL */
+
/* verify that keyUsage, if present, contains digitalSignature */
if (!cmp_ctx->ignore_keyusage
&& (X509_get_key_usage(cert) & X509v3_KU_DIGITAL_SIGNATURE) == 0) {
diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c
index 6c20fbb3d1..cfd9275172 100644
--- a/crypto/encode_decode/encoder_lib.c
+++ b/crypto/encode_decode/encoder_lib.c
@@ -92,7 +92,7 @@ int OSSL_ENCODER_to_fp(OSSL_ENCODER_CTX *ctx, FILE *fp)
int OSSL_ENCODER_to_data(OSSL_ENCODER_CTX *ctx, unsigned char **pdata,
size_t *pdata_len)
{
- BIO *out = BIO_new(BIO_s_mem());
+ BIO *out;
BUF_MEM *buf = NULL;
int ret = 0;
@@ -101,7 +101,10 @@ int OSSL_ENCODER_to_data(OSSL_ENCODER_CTX *ctx, unsigned char **pdata,
return 0;
}
- if (OSSL_ENCODER_to_bio(ctx, out)
+ out = BIO_new(BIO_s_mem());
+
+ if (out != NULL
+ && OSSL_ENCODER_to_bio(ctx, out)
&& BIO_get_mem_ptr(out, &buf) > 0) {
ret = 1; /* Hope for the best. A too small buffer will clear this */
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index 88945e13e6..b17ce3cbf9 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -1595,10 +1595,13 @@ static int get_payload_public_key(enum state state,
const EC_GROUP *ecg = EC_KEY_get0_group(eckey);
const EC_POINT *point = EC_KEY_get0_public_key(eckey);
+ if (bnctx == NULL)
+ return 0;
ctx->sz = EC_POINT_point2buf(ecg, point,
POINT_CONVERSION_COMPRESSED,
&buf, bnctx);
ctx->p2 = buf;
+ BN_CTX_free(bnctx);
break;
}
return 0;
More information about the openssl-commits
mailing list