[openssl-dev] [openssl.org #4134] [BUG] Memory leak in STORE_store_private_key()

Richard Levitte via RT rt at openssl.org
Wed Nov 11 04:19:49 UTC 2015


STORE is an experimental API that isn't used in 1.0.2 (or any earlier series).
For the next major version, the STORE API is being entirely rewritten. Please
stay tuned.

In the meantime, I'll simply close this ticket.

On Wed, 11 Nov 2015 at 04.15.16, gzagon74 at gmail.com wrote:
> Hello!
>
> I work with openssl 1.0.2d, and I found a memory leak in
> STORE_store_private_key() function (defined in crypto/store/str_lib.c).
> Here is a code fragment:
>
> 465:int STORE_store_private_key(STORE *s, EVP_PKEY *data,
> 466:                            OPENSSL_ITEM attributes[],
> 467:                            OPENSSL_ITEM parameters[])
> 468:{
> 469:    STORE_OBJECT *object;
> 470:    int i;
> 471:
> 472:    check_store(s, STORE_F_STORE_STORE_PRIVATE_KEY,
> 473:                store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
> 474:
> 475:    object = STORE_OBJECT_new();
> 476:    if (!object) {
> 477:        STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
> 478:        return 0;
> 479:    }
> 480:    object->data.key = EVP_PKEY_new();
> 481:    if (!object->data.key) {
> 482:        STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
> 483:        return 0;
> 484:    }
> 485:
> 486:    CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY);
> 487:#ifdef REF_PRINT
> 488:    REF_PRINT("EVP_PKEY", data);
> 489:#endif
> 490:    object->data.key = data;
>
> At line 480 a pointer to the newly allocated key object is stored in
> the 'object->data.key' variable.
> At line 490 the variable 'object->data.key' is overwritten with a new value,
> so the memory allocated at line 480 will never be freed.


--
Richard Levitte
levitte at openssl.org
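As an added illustration (not code from the report or from OpenSSL): a self-contained C model of the allocate-then-overwrite pattern described in the quoted report, beside the corrected form, with a live-allocation counter so the leak can be measured rather than inferred. The KEY and STORE_OBJ types and the store_key_* functions are hypothetical stand-ins for EVP_PKEY, STORE_OBJECT and STORE_store_private_key().

```c
/* Added example, not OpenSSL code: minimal model of the reported leak. */
#include <stdlib.h>

static int live_keys = 0;              /* key objects currently allocated */
typedef struct { int references; } KEY;    /* hypothetical stand-in for EVP_PKEY */
typedef struct { KEY *key; } STORE_OBJ;    /* hypothetical stand-in for STORE_OBJECT */

static KEY *key_new(void) {            /* modelled on EVP_PKEY_new(): refcount 1 */
    KEY *k = malloc(sizeof *k);
    if (!k) return NULL;
    k->references = 1;
    live_keys++;
    return k;
}
/* Modelled on EVP_PKEY_free(): drop one reference, release at zero. */
static void key_free(KEY *k) {
    if (k && --k->references == 0) { free(k); live_keys--; }
}

/* Buggy pattern from the report: a fresh key is allocated (line 480), then the
 * pointer is overwritten with the referenced-up caller key (line 490). */
static STORE_OBJ *store_key_leaky(KEY *data) {
    STORE_OBJ *o = malloc(sizeof *o);
    if (!o) return NULL;
    o->key = key_new();                /* this allocation is never freed */
    if (!o->key) { free(o); return NULL; }
    data->references++;                /* CRYPTO_add(&data->references, 1, ...) */
    o->key = data;                     /* previous pointer lost here */
    return o;
}
/* Corrected pattern: no throwaway allocation, just take a reference. */
static STORE_OBJ *store_key_fixed(KEY *data) {
    STORE_OBJ *o = malloc(sizeof *o);
    if (!o) return NULL;
    data->references++;
    o->key = data;
    return o;
}
static void store_obj_free(STORE_OBJ *o) {
    if (o) { key_free(o->key); free(o); }
}

/* Runs one store/free cycle and returns how many key objects are still live:
 * 0 means everything was released, 1 means one key object leaked. */
static int leaked_keys(STORE_OBJ *(*store)(KEY *)) {
    live_keys = 0;
    KEY *caller_key = key_new();
    STORE_OBJ *o = store(caller_key);
    store_obj_free(o);
    key_free(caller_key);
    return live_keys;
}
```

The same accounting can be done on the real code with a leak checker such as valgrind or ASan, which is how a reviewer would confirm the report before and after a fix.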


