[openssl-dev] [openssl.org #4134] [BUG] Memory leak in STORE_store_private_key()
Григорий Загон via RT
rt at openssl.org
Wed Nov 11 04:15:16 UTC 2015
Hello!
I work with OpenSSL 1.0.2d, and I found a memory leak in the
STORE_store_private_key() function (defined in crypto/store/str_lib.c).
Here is a code fragment:
465: int STORE_store_private_key(STORE *s, EVP_PKEY *data,
466:                             OPENSSL_ITEM attributes[],
467:                             OPENSSL_ITEM parameters[])
468: {
469:     STORE_OBJECT *object;
470:     int i;
471:
472:     check_store(s, STORE_F_STORE_STORE_PRIVATE_KEY,
473:                 store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
474:
475:     object = STORE_OBJECT_new();
476:     if (!object) {
477:         STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
478:         return 0;
479:     }
480:     object->data.key = EVP_PKEY_new();
481:     if (!object->data.key) {
482:         STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
483:         return 0;
484:     }
485:
486:     CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY);
487: #ifdef REF_PRINT
488:     REF_PRINT("EVP_PKEY", data);
489: #endif
490:     object->data.key = data;
At line 480, a pointer to the newly allocated key object is stored in the
'object->data.key' variable.
At line 490, the variable 'object->data.key' is overwritten with a new value. So,
the memory allocated at line 480 will never be freed.
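A minimal model of the allocate-then-overwrite pattern reported above, next to a version that only takes a reference on the caller's key. This is an added example, not part of the original message and not OpenSSL code: the types `pkey` and `store_obj`, the fixed pool, and all function names are hypothetical stand-ins chosen so the leaked object can be counted.

```c
#include <stdio.h>

/* Hypothetical stand-ins for EVP_PKEY and STORE_OBJECT; not OpenSSL types. */
typedef struct { int references, in_use; } pkey;
typedef struct { pkey *key; } store_obj;

/* A fixed pool stands in for the heap so leaked keys can be counted. */
#define POOL 4
static pkey pool[POOL];

static pkey *pkey_new(void) {
    for (int i = 0; i < POOL; i++)
        if (!pool[i].in_use) {
            pool[i].in_use = pool[i].references = 1;
            return &pool[i];
        }
    return NULL;
}
static void pkey_free(pkey *k) {
    if (k && --k->references == 0) k->in_use = 0;
}

/* Same sequence as lines 480-490: allocate a key, then overwrite the pointer. */
static int store_key_leaky(store_obj *o, pkey *data) {
    o->key = pkey_new();
    if (!o->key) return 0;
    data->references++;
    o->key = data;          /* the key from pkey_new() is now unreachable */
    return 1;
}
/* Corrected form: no placeholder key, only a reference on the caller's key. */
static int store_key_fixed(store_obj *o, pkey *data) {
    data->references++;
    o->key = data;
    return 1;
}

/* One store/release cycle; returns how many keys are still allocated. */
int leaked_after(int (*store)(store_obj *, pkey *)) {
    store_obj o = { NULL };
    int live = 0;
    for (int i = 0; i < POOL; i++) pool[i].in_use = 0;   /* reset the pool */
    pkey *data = pkey_new();
    if (!data || !store(&o, data)) return -1;
    pkey_free(o.key);       /* the store releases its reference */
    pkey_free(data);        /* the caller releases its reference */
    for (int i = 0; i < POOL; i++) live += pool[i].in_use;
    return live;
}
int main(void) {
    printf("leaky: %d\n", leaked_after(store_key_leaky));
    printf("fixed: %d\n", leaked_after(store_key_fixed));
    return 0;
}
```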