generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix various memory leaks in SSL, apps and DSA

Browse Source
This commit is contained in:
Dr. Stephen Henson 1999-02-15 21:05:21 +00:00
parent 1750ebcba9
commit a8236c8c32
11 changed files with 45 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGES
View File

@ -5,9 +5,15 @@
Changes between 0.9.1c and 0.9.2 Changes between 0.9.1c and 0.9.2
*) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
in apps/ and an unrellated leak in crypto/dsa/dsa_vrf.c
[Steve Henson]
*) Support for RAW extensions where an arbitrary extension can be *) Support for RAW extensions where an arbitrary extension can be
created by including its DER encoding. See apps/openssl.cnf for created by including its DER encoding. See apps/openssl.cnf for
an example. an example.
[Steve Henson]
*) Make sure latest Perl versions don't interpret some generated C array *) Make sure latest Perl versions don't interpret some generated C array
code as Perl array code in the crypto/err/err_genc.pl script. code as Perl array code in the crypto/err/err_genc.pl script.

10
apps/s_cb.c
View File

@ -156,9 +156,13 @@ char *key_file;
ssl=SSL_new(ctx); ssl=SSL_new(ctx);
x509=SSL_get_certificate(ssl); x509=SSL_get_certificate(ssl);
if (x509 != NULL) if (x509 != NULL) {
EVP_PKEY_copy_parameters(X509_get_pubkey(x509), EVP_PKEY *pktmp;
SSL_get_privatekey(ssl)); pktmp = X509_get_pubkey(x509);
EVP_PKEY_copy_parameters(pktmp,
SSL_get_privatekey(ssl));
EVP_PKEY_free(pktmp);
}
SSL_free(ssl); SSL_free(ssl);
*/ */

8
apps/s_client.c
View File

@ -743,9 +743,13 @@ int full;
BIO_printf(bio,"%s, Cipher is %s\n", BIO_printf(bio,"%s, Cipher is %s\n",
SSL_CIPHER_get_version(c), SSL_CIPHER_get_version(c),
SSL_CIPHER_get_name(c)); SSL_CIPHER_get_name(c));
if (peer != NULL) if (peer != NULL) {
EVP_PKEY *pktmp;
pktmp = X509_get_pubkey(peer);
BIO_printf(bio,"Server public key is %d bit\n", BIO_printf(bio,"Server public key is %d bit\n",
EVP_PKEY_bits(X509_get_pubkey(peer))); EVP_PKEY_bits(pktmp));
EVP_PKEY_free(pktmp);
}
SSL_SESSION_print(bio,SSL_get_session(s)); SSL_SESSION_print(bio,SSL_get_session(s));
BIO_printf(bio,"---\n"); BIO_printf(bio,"---\n");
if (peer != NULL) if (peer != NULL)

6
apps/sc.c
View File

@ -770,8 +770,12 @@ int full;
SSL_CIPHER_get_version(c), SSL_CIPHER_get_version(c),
SSL_CIPHER_get_name(c)); SSL_CIPHER_get_name(c));
if (peer != NULL) if (peer != NULL)
{
EVP_PKEY *pktmp;
BIO_printf(bio,"Server public key is %d bit\n", BIO_printf(bio,"Server public key is %d bit\n",
EVP_PKEY_bits(X509_get_pubkey(peer))); EVP_PKEY_bits(pktmp));
EVP_PKEY_free(pktmp);
}
SSL_SESSION_print(bio,SSL_get_session(s)); SSL_SESSION_print(bio,SSL_get_session(s));
BIO_printf(bio,"---\n"); BIO_printf(bio,"---\n");
if (peer != NULL) if (peer != NULL)

1
crypto/dsa/dsa_vrf.c
View File

@ -91,7 +91,6 @@ DSA *dsa;
int ret = -1; int ret = -1;
if ((ctx=BN_CTX_new()) == NULL) goto err; if ((ctx=BN_CTX_new()) == NULL) goto err;
if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
BN_init(&u1); BN_init(&u1);
BN_init(&u2); BN_init(&u2);

6
ssl/s2_clnt.c
View File

@ -953,8 +953,9 @@ unsigned char *data;
goto err; goto err;
ret=1; ret=1;
err: err:
if (sk != NULL) sk_free(sk); sk_free(sk);
if (x509 != NULL) X509_free(x509); X509_free(x509);
EVP_PKEY_free(pkey);
return(ret); return(ret);
} }
@ -985,6 +986,7 @@ int padding;
if (i < 0) if (i < 0)
SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB); SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB);
end: end:
EVP_PKEY_free(pkey);
return(i); return(i);
} }

5
ssl/s2_srvr.c
View File

@ -910,6 +910,7 @@ SSL *s;
pkey=X509_get_pubkey(x509); pkey=X509_get_pubkey(x509);
if (pkey == NULL) goto end; if (pkey == NULL) goto end;
i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey); i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
EVP_PKEY_free(pkey);
memset(&ctx,0,sizeof(ctx)); memset(&ctx,0,sizeof(ctx));
if (i) if (i)
@ -933,8 +934,8 @@ msg_end:
ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE); ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
} }
end: end:
if (sk != NULL) sk_free(sk); sk_free(sk);
if (x509 != NULL) X509_free(x509); X509_free(x509);
return(ret); return(ret);
} }

1
ssl/s3_both.c
View File

@ -404,6 +404,7 @@ EVP_PKEY *pkey;
ret= -1; ret= -1;
err: err:
if(!pkey) EVP_PKEY_free(pk);
return(ret); return(ret);
} }

9
ssl/s3_clnt.c
View File

@ -814,8 +814,9 @@ f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al); ssl3_send_alert(s,SSL3_AL_FATAL,al);
} }
err: err:
if (x != NULL) X509_free(x); EVP_PKEY_free(pkey);
if (sk != NULL) sk_pop_free(sk,X509_free); X509_free(x);
sk_pop_free(sk,X509_free);
return(ret); return(ret);
} }
@ -1103,11 +1104,12 @@ SSL *s;
goto f_err; goto f_err;
} }
} }
EVP_PKEY_free(pkey);
return(1); return(1);
f_err: f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al); ssl3_send_alert(s,SSL3_AL_FATAL,al);
err: err:
EVP_PKEY_free(pkey);
return(-1); return(-1);
} }
@ -1622,6 +1624,7 @@ SSL *s;
idx=c->cert_type; idx=c->cert_type;
pkey=X509_get_pubkey(c->pkeys[idx].x509); pkey=X509_get_pubkey(c->pkeys[idx].x509);
i=X509_certificate_type(c->pkeys[idx].x509,pkey); i=X509_certificate_type(c->pkeys[idx].x509,pkey);
EVP_PKEY_free(pkey);
/* Check that we have a certificate if we require one */ /* Check that we have a certificate if we require one */

1
ssl/s3_srvr.c
View File

@ -1510,6 +1510,7 @@ f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al); ssl3_send_alert(s,SSL3_AL_FATAL,al);
} }
end: end:
EVP_PKEY_free(pkey);
return(ret); return(ret);
} }

8
ssl/ssl_rsa.c
View File

@ -229,8 +229,10 @@ EVP_PKEY *pkey;
if (c->pkeys[i].x509 != NULL) if (c->pkeys[i].x509 != NULL)
{ {
EVP_PKEY_copy_parameters( EVP_PKEY *pktmp;
X509_get_pubkey(c->pkeys[i].x509),pkey); pktmp = X509_get_pubkey(c->pkeys[i].x509);
EVP_PKEY_copy_parameters(pktmp,pkey);
EVP_PKEY_free(pktmp);
ERR_clear_error(); ERR_clear_error();
#ifndef NO_RSA #ifndef NO_RSA
@ -503,6 +505,7 @@ X509 *x;
if (i < 0) if (i < 0)
{ {
SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE); SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
EVP_PKEY_free(pkey);
return(0); return(0);
} }
@ -549,6 +552,7 @@ X509 *x;
else else
ok=1; ok=1;
EVP_PKEY_free(pkey);
if (bad) if (bad)
{ {
EVP_PKEY_free(c->pkeys[i].privatekey); EVP_PKEY_free(c->pkeys[i].privatekey);