[openssl/openssl] 6c7093: Fix a possible memory leak in req_main

Bernd Edlinger noreply at github.com
Wed Jan 24 10:56:51 UTC 2024


  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 6c70934a46eaa1734c2efbe9d7baac51c607062e
      https://github.com/openssl/openssl/commit/6c70934a46eaa1734c2efbe9d7baac51c607062e
  Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
  Date:   2024-01-24 (Wed, 24 Jan 2024)

  Changed paths:
    M apps/req.c

  Log Message:
  -----------
  Fix a possible memory leak in req_main

if the private key is output to stdout using the HARNESS_OSSL_PREFIX,
out is a stack of BIOs and must therefore free'd using BIO_free_all.

Steps to reproduce:

$ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null
[...]
Direct leak of 128 byte(s) in 1 object(s) allocated from:
    #0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202
    #2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222
    #3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83
    #4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95
    #5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014
    #6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175
    #7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203
    #8 0x555c5f528537 in req_main apps/req.c:683
    #9 0x555c5f50e315 in do_cmd apps/openssl.c:426
    #10 0x555c5f4c5575 in main apps/openssl.c:307
    #11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tom Cosgrove <tom.cosgrove at arm.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23365)

(cherry picked from commit ff78d94b131d7bb3b761509d3ce0dd864b1420e3)




More information about the openssl-commits mailing list