[openssl-dev] [openssl.org #4401] [PATCH] plug potential memory leak(s) in OpenSSL 1.1 pre 4 in 'ec_lib.c'
Bill Parker via RT
rt at openssl.org
Tue Mar 8 18:58:24 UTC 2016
Hello All,
In reviewing code in directory 'crypto/ec', file 'ec_lib.c', there
appears to be allocated memory which is not released when a return 0;
is encountered in some cases of OPENSSL_malloc(). The patch file below
should address/correct these minor leaks:
--- ec_lib.c.orig 2016-03-08 10:46:45.885643748 -0800
+++ ec_lib.c 2016-03-08 10:53:51.196698596 -0800
@@ -231,8 +231,11 @@
if (src->generator != NULL) {
if (dest->generator == NULL) {
dest->generator = EC_POINT_new(dest);
- if (dest->generator == NULL)
+ if (dest->generator == NULL) {
+ if (dest->mont_data != NULL)
+ BN_MONT_CTX_free(dest->mont_data);
return 0;
+ }
}
if (!EC_POINT_copy(dest->generator, src->generator))
return 0;
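Review bot: In the block added under `if (dest->generator == NULL)`, `dest->mont_data` is freed but not reset to NULL before `return 0;`, so `dest` is left holding a dangling pointer. If the caller frees `dest` after this failure, the same BN_MONT_CTX is freed a second time. Either set `dest->mont_data = NULL;` right after `BN_MONT_CTX_free(dest->mont_data);` or leave the release to whatever frees `dest`. The `return 0;` after `EC_POINT_copy()` two lines below gets no matching cleanup, so the failure paths in this region are now inconsistent.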
@@ -256,7 +259,11 @@
if (src->seed) {
OPENSSL_free(dest->seed);
dest->seed = OPENSSL_malloc(src->seed_len);
- if (dest->seed == NULL)
+ if (dest->seed == NULL) {
+ if (dest->mont_data != NULL)
+ EC_POINT_clear_free(dest->mont_data);
+ if (dest->generator != NULL)
+ EC_POINT_clear_free(dest->generator);
return 0;
if (!memcpy(dest->seed, src->seed, src->seed_len))
return 0;
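Review bot: The added line `EC_POINT_clear_free(dest->mont_data);` releases `mont_data` with the EC_POINT destructor, while the first hunk frees the same field with `BN_MONT_CTX_free()`. The field cannot be both types, so one of the two calls is wrong, and here it should match the first hunk. The new `if (dest->seed == NULL) {` block is also never closed: no `+ }` follows `return 0;`, so the `memcpy` check ends up inside the block and the braces no longer balance. As in the first hunk, `dest->mont_data` and `dest->generator` are not set to NULL after being freed, which leaves dangling pointers in `dest` for any later free of the group.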
=======================================================================
Bill Parker (wp02855 at gmail dot com)
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4401
Please log in as guest with password guest if prompted
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ec_lib.c.patch
Type: application/octet-stream
Size: 998 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160308/ec88bd39/attachment-0001.obj>