[openssl-dev] [openssl.org #3679] Memory leak in ssl_cert_dup (ssl/ssl_cert.c)
David Ramos via RT
rt at openssl.org
Wed Jan 28 09:49:06 UTC 2015
Hello,
Our UC-KLEE tool found a memory leak in ssl_cert_dup (ssl/ssl_cert.c). The bug affects commit 43257b9f51de749262258668c77c2f0f99d7a15b from the 1.0.2 branch, but it appears to date back many years.
On line 222 of ssl/ssl_cert.c, ssl_cert_dup() allocates a new CERT:
    ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
If any of the subsequent allocations or _dup()’s fail, we jump to ‘err’, which frees many of the fields within ‘ret’, but forgets to free ‘ret’ itself (leaking 728 bytes on my x86_64 Linux build). I believe there needs to be a call to:
    OPENSSL_free(ret);
before the 'return NULL' at line 440.
Please let me know if you have any questions.
Thanks,
-David
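
The leak pattern reported above, reduced to a toy struct as an added example (not OpenSSL code and not part of the original message). `toy_cert`, `xmalloc`, `xfree`, `toy_cert_dup` and `leaked_after_failure` are hypothetical names; a fault-injecting allocator fails the nth allocation and counts the blocks the `err` path leaves behind, with and without the free of `ret`.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for CERT: an outer struct owning two heap fields. */
typedef struct { char *key; char *chain; } toy_cert;

static void *live[8];            /* blocks allocated and not yet freed */
static int alloc_count, fail_at; /* fail the fail_at-th allocation (0 = never) */

static void *xmalloc(size_t n) {
    void *p = (++alloc_count == fail_at) ? NULL : malloc(n); /* injected failure */
    for (int i = 0; p != NULL && i < 8; i++)
        if (live[i] == NULL) { live[i] = p; break; }
    return p;
}
static void xfree(void *p) {
    for (int i = 0; p != NULL && i < 8; i++)
        if (live[i] == p) live[i] = NULL;
    free(p);
}
static char *xstrdup(const char *s) {
    char *p = xmalloc(strlen(s) + 1);
    if (p != NULL) strcpy(p, s);
    return p;
}

/* free_outer = 0 reproduces the reported pattern; 1 applies the suggested fix. */
static toy_cert *toy_cert_dup(const toy_cert *src, int free_outer) {
    toy_cert *ret = xmalloc(sizeof(*ret));
    if (ret == NULL) return NULL;
    memset(ret, 0, sizeof(*ret));
    if ((ret->key = xstrdup(src->key)) == NULL) goto err;
    if ((ret->chain = xstrdup(src->chain)) == NULL) goto err;
    return ret;
err:
    xfree(ret->key);
    xfree(ret->chain);
    if (free_outer) xfree(ret);  /* the free of 'ret' itself that the report asks for */
    return NULL;
}

/* Fail the nth allocation in toy_cert_dup; return how many blocks were left behind. */
int leaked_after_failure(int nth, int free_outer) {
    char k[] = "key-material", c[] = "chain-material";  /* constructed sample data */
    toy_cert src = { k, c }, *copy;
    int leaked = 0;
    alloc_count = 0; fail_at = nth;
    copy = toy_cert_dup(&src, free_outer);
    if (copy != NULL) { xfree(copy->key); xfree(copy->chain); xfree(copy); }
    for (int i = 0; i < 8; i++)  /* count, then release, anything still tracked */
        if (live[i] != NULL) { leaked++; free(live[i]); live[i] = NULL; }
    return leaked;
}
```

The same idea applies to the real function: forcing each allocation in turn to fail and checking for outstanding blocks exercises every `goto err` path.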