[openssl] openssl-3.0 update
tomas at openssl.org
tomas at openssl.org
Tue Oct 12 14:47:32 UTC 2021
The branch openssl-3.0 has been updated
via 5c863749f19c55506fdc63ce6dbaf2523d06297c (commit)
from a7731e5f8bd01d0aed5f262f7815a75269045c32 (commit)
- Log -----------------------------------------------------------------
commit 5c863749f19c55506fdc63ce6dbaf2523d06297c
Author: Tomas Mraz <tomas at openssl.org>
Date: Mon Oct 11 15:04:46 2021 +0200
cmp_vfy.c, encoder_lib.c: Fix potential leak of a BIO
Fixes #16787
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16804)
(cherry picked from commit 374d5cf2f6b8bdf87c04b5e293a7d291f2c23203)
-----------------------------------------------------------------------
Summary of changes:
crypto/cmp/cmp_vfy.c | 4 +++-
crypto/encode_decode/encoder_lib.c | 7 +++++--
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index aa4665a562..b9d6fc2bdd 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -27,12 +27,14 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,
{
OSSL_CMP_PROTECTEDPART prot_part;
EVP_PKEY *pubkey = NULL;
- BIO *bio = BIO_new(BIO_s_mem()); /* may be NULL */
+ BIO *bio;
int res = 0;
if (!ossl_assert(cmp_ctx != NULL && msg != NULL && cert != NULL))
return 0;
+ bio = BIO_new(BIO_s_mem()); /* may be NULL */
+
/* verify that keyUsage, if present, contains digitalSignature */
if (!cmp_ctx->ignore_keyusage
&& (X509_get_key_usage(cert) & X509v3_KU_DIGITAL_SIGNATURE) == 0) {
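Review bot: `BIO *bio;` is now declared without an initialiser while `pubkey` and `res` beside it are initialised, so it holds an indeterminate value until the assignment after the `ossl_assert` check. The only exit in that window is a direct `return 0`, so nothing reads it today, but `BIO *bio = NULL;` would keep a later-added jump to the cleanup code from freeing a garbage pointer. The same applies to `BIO *out;` in the OSSL_ENCODER_to_data hunk of encoder_lib.c, where `buf` and `ret` are initialised on the following lines. verify_signature's body continues past the hunk, so the cleanup that frees `bio` is not visible here; the keyUsage failure branch should be confirmed to exit through it rather than returning directly.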
diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c
index 6c20fbb3d1..cfd9275172 100644
--- a/crypto/encode_decode/encoder_lib.c
+++ b/crypto/encode_decode/encoder_lib.c
@@ -92,7 +92,7 @@ int OSSL_ENCODER_to_fp(OSSL_ENCODER_CTX *ctx, FILE *fp)
int OSSL_ENCODER_to_data(OSSL_ENCODER_CTX *ctx, unsigned char **pdata,
size_t *pdata_len)
{
- BIO *out = BIO_new(BIO_s_mem());
+ BIO *out;
BUF_MEM *buf = NULL;
int ret = 0;
@@ -101,7 +101,10 @@ int OSSL_ENCODER_to_data(OSSL_ENCODER_CTX *ctx, unsigned char **pdata,
return 0;
}
- if (OSSL_ENCODER_to_bio(ctx, out)
+ out = BIO_new(BIO_s_mem());
+
+ if (out != NULL
+ && OSSL_ENCODER_to_bio(ctx, out)
&& BIO_get_mem_ptr(out, &buf) > 0) {
ret = 1; /* Hope for the best. A too small buffer will clear this */