[openssl] master update

bernd.edlinger at hotmail.de bernd.edlinger at hotmail.de
Thu Oct 14 12:57:49 UTC 2021 

The branch master has been updated
       via  19b30f1c596a8df2a522f9d6dfc1c1782790fc78 (commit)
       via  74b485848a608383d8d37c04480821ea7b613110 (commit)
      from  a85b4de6a6cbe03c46219d4b1c3b2828ca3fd51c (commit)


- Log -----------------------------------------------------------------
commit 19b30f1c596a8df2a522f9d6dfc1c1782790fc78
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Wed Oct 13 06:37:46 2021 +0200

    Fix another memory leak reported in CIFuzz
    
    Direct leak of 2 byte(s) in 1 object(s) allocated from:
        #0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
        #1 0x57acd9 in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12
        #2 0x57e106 in CRYPTO_strdup /src/openssl/crypto/o_str.c:24:11
        #3 0x5c139f in def_load_bio /src/openssl/crypto/conf/conf_def.c:427:45
        #4 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12
        #5 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5
        #6 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12
        #7 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp
        #8 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
        #9 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp
        #10 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
        #11 0x7f15336bf0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16813)

commit 74b485848a608383d8d37c04480821ea7b613110
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Tue Oct 12 19:38:14 2021 +0200

    Fix a memory leak reported in CIFuzz
    
    Direct leak of 4 byte(s) in 1 object(s) allocated from:
         #0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
         #1 0x57af0d in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12
         #2 0x57af0d in CRYPTO_realloc /src/openssl/crypto/mem.c:207:16
         #3 0x569d17 in BUF_MEM_grow /src/openssl/crypto/buffer/buffer.c:97:15
         #4 0x5c3629 in str_copy /src/openssl/crypto/conf/conf_def.c:642:10
         #5 0x5c1cc1 in def_load_bio /src/openssl/crypto/conf/conf_def.c:452:22
         #6 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12
         #7 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5
         #8 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12
         #9 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp
         #10 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
         #11 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp
         #12 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16813)

-----------------------------------------------------------------------

Summary of changes:
 crypto/conf/conf_api.c | 7 +++++--
 crypto/conf/conf_def.c | 2 ++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index e4e305c714..7a4efe6dbb 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -135,7 +135,11 @@ IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, LH_CONF_VALUE);
 
 void _CONF_free_data(CONF *conf)
 {
-    if (conf == NULL || conf->data == NULL)
+    if (conf == NULL)
+        return;
+
+    OPENSSL_free(conf->includedir);
+    if (conf->data == NULL)
         return;
 
     /* evil thing to make sure the 'OPENSSL_free()' works as expected */
@@ -147,7 +151,6 @@ void _CONF_free_data(CONF *conf)
      * with
      */
 
-    OPENSSL_free(conf->includedir);
     lh_CONF_VALUE_doall(conf->data, value_free_stack_doall);
     lh_CONF_VALUE_free(conf->data);
 }
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 7b67854c8b..c05c3c6b10 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -424,6 +424,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                     if (!parsebool(pval, &conf->flag_abspath))
                         goto err;
                 } else if (strcmp(p, "includedir") == 0) {
+                    OPENSSL_free(conf->includedir);
                     if ((conf->includedir = OPENSSL_strdup(pval)) == NULL) {
                         ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE);
                         goto err;
@@ -474,6 +475,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                 if (conf->flag_abspath
                         && !ossl_is_absolute_path(include_path)) {
                     ERR_raise(ERR_LIB_CONF, CONF_R_RELATIVE_PATH);
+                    OPENSSL_free(include_path);
                     goto err;
                 }

More information about the openssl-commits mailing list