Fix various memory leaks in SSL, apps and DSA
authorDr. Stephen Henson <steve@openssl.org>
Mon, 15 Feb 1999 21:05:21 +0000 (21:05 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 15 Feb 1999 21:05:21 +0000 (21:05 +0000)
CHANGES
apps/s_cb.c
apps/s_client.c
apps/sc.c
crypto/dsa/dsa_vrf.c
ssl/s2_clnt.c
ssl/s2_srvr.c
ssl/s3_both.c
ssl/s3_clnt.c
ssl/s3_srvr.c
ssl/ssl_rsa.c

diff --git a/CHANGES b/CHANGES
index 7cc1ece6ebff61a3181ad3a0a53ee11a0f18eb61..043c7552a76f587f655ee899b19a7d7a15387880 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,9 +5,15 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
+     leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
+     in apps/ and an unrellated leak in crypto/dsa/dsa_vrf.c
+     [Steve Henson]
+
   *) Support for RAW extensions where an arbitrary extension can be
      created by including its DER encoding. See apps/openssl.cnf for
      an example.
+     [Steve Henson]
 
   *) Make sure latest Perl versions don't interpret some generated C array
      code as Perl array code in the crypto/err/err_genc.pl script.
index 1a7b06e1ee076ed71a18b399f124db1e5018e933..ba0b548ea12bd4923032438e547437b667208b38 100644 (file)
@@ -156,9 +156,13 @@ char *key_file;
                ssl=SSL_new(ctx);
                x509=SSL_get_certificate(ssl);
 
-               if (x509 != NULL)
-                       EVP_PKEY_copy_parameters(X509_get_pubkey(x509),
-                               SSL_get_privatekey(ssl));
+               if (x509 != NULL) {
+                       EVP_PKEY *pktmp;
+                       pktmp = X509_get_pubkey(x509);
+                       EVP_PKEY_copy_parameters(pktmp,
+                                               SSL_get_privatekey(ssl));
+                       EVP_PKEY_free(pktmp);
+               }
                SSL_free(ssl);
                */
 
index 2830785c9594f039c698368ae8edcef81318eef5..a75e8ae3112227b7e939ebc3ea7b24318008fc96 100644 (file)
@@ -743,9 +743,13 @@ int full;
        BIO_printf(bio,"%s, Cipher is %s\n",
                SSL_CIPHER_get_version(c),
                SSL_CIPHER_get_name(c));
-       if (peer != NULL)
+       if (peer != NULL) {
+               EVP_PKEY *pktmp;
+               pktmp = X509_get_pubkey(peer);
                BIO_printf(bio,"Server public key is %d bit\n",
-                       EVP_PKEY_bits(X509_get_pubkey(peer)));
+                                                        EVP_PKEY_bits(pktmp));
+               EVP_PKEY_free(pktmp);
+       }
        SSL_SESSION_print(bio,SSL_get_session(s));
        BIO_printf(bio,"---\n");
        if (peer != NULL)
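Review bot: `pktmp` is passed to `EVP_PKEY_bits()` without a NULL check, although `X509_get_pubkey()` can fail; the hunk at `@@ -910,6 +910,7 @@` in this same commit tests `pkey == NULL` after the same call. The peer certificate comes from the remote end, so a key that cannot be decoded is a reachable case here. Guard the print with `if (pktmp != NULL)`, or print a fallback line instead. The same unchecked pattern is in the hunk at `@@ -229,8 +229,10 @@` (`EVP_PKEY_copy_parameters(pktmp,pkey)`) and in the first apps hunk, which appears to sit inside a commented-out region. Whether `EVP_PKEY_bits()` tolerates NULL is not visible on this page.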
index f6015e83290a58aab9f05d3a942b271acfab2db2..fccd805921924ca08407f46d798dd8fbf920b981 100644 (file)
--- a/apps/sc.c
+++ b/apps/sc.c
@@ -770,8 +770,12 @@ int full;
                SSL_CIPHER_get_version(c),
                SSL_CIPHER_get_name(c));
        if (peer != NULL)
+       {
+               EVP_PKEY *pktmp;
                BIO_printf(bio,"Server public key is %d bit\n",
-                       EVP_PKEY_bits(X509_get_pubkey(peer)));
+                                                       EVP_PKEY_bits(pktmp));
+               EVP_PKEY_free(pktmp);
+       }
        SSL_SESSION_print(bio,SSL_get_session(s));
        BIO_printf(bio,"---\n");
        if (peer != NULL)
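Review bot: `pktmp` is declared in the new block but never assigned, so `EVP_PKEY_bits(pktmp)` reads an uninitialized pointer and `EVP_PKEY_free(pktmp)` then frees it. The `X509_get_pubkey(peer)` call was removed from the `BIO_printf` argument without being moved into an assignment; the otherwise identical hunk at `@@ -743,9 +743,13 @@` has the missing line. Add `pktmp = X509_get_pubkey(peer);` directly after the declaration, and skip the print when it returns NULL. The enclosing function starts and ends outside the hunk.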
index 71cefbeaa47d36ad4701a21b57713f87b1386e66..37e8781dd621f3cccffbdb8f1faa78ecf58ac82e 100644 (file)
@@ -91,7 +91,6 @@ DSA *dsa;
        int ret = -1;
 
        if ((ctx=BN_CTX_new()) == NULL) goto err;
-       if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
 
        BN_init(&u1);
        BN_init(&u2);
index 0c138420145a9d52a8adcac17ee8e18827916a47..9c8037b48bf682eba5a394a9c46f4c849e996b76 100644 (file)
@@ -953,8 +953,9 @@ unsigned char *data;
                goto err;
        ret=1;
 err:
-       if (sk != NULL) sk_free(sk);
-       if (x509 != NULL) X509_free(x509);
+       sk_free(sk);
+       X509_free(x509);
+       EVP_PKEY_free(pkey);
        return(ret);
        }
 
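Review bot: `EVP_PKEY_free(pkey)` at the `err:` label is only safe if `pkey` is NULL on every path that jumps there before `X509_get_pubkey()` has run, and the declaration is outside this hunk. If it is not already written as `EVP_PKEY *pkey=NULL;`, an early `goto err` would free an uninitialized pointer while handling the peer's certificate. The same applies to the frees added at `end:` in the next hunk, at `err:` in the hunks at `@@ -814,8 +814,9 @@` and `@@ -1103,11 +1104,12 @@`, and at `end:` in `@@ -1510,6 +1510,7 @@`. This hunk also drops the `!= NULL` guards before `sk_free()` and `X509_free()`, which relies on both accepting NULL; that is not shown on this page.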
@@ -985,6 +986,7 @@ int padding;
        if (i < 0)
                SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB);
 end:
+       EVP_PKEY_free(pkey);
        return(i);
        }
 
index 7e8732f9cc275e7baa5837b1150e52831daf2c3d..8580ac6a8d0ceb5612bf6708b16a61e4c83e5684 100644 (file)
@@ -910,6 +910,7 @@ SSL *s;
                pkey=X509_get_pubkey(x509);
                if (pkey == NULL) goto end;
                i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
+               EVP_PKEY_free(pkey);
                memset(&ctx,0,sizeof(ctx));
 
                if (i) 
@@ -933,8 +934,8 @@ msg_end:
                ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
                }
 end:
-       if (sk != NULL) sk_free(sk);
-       if (x509 != NULL) X509_free(x509);
+       sk_free(sk);
+       X509_free(x509);
        return(ret);
        }
 
index 487981ef0ee9248ddf35e24d4bc5a5bdce35fa77..0dad8919c75f444616fa00c13945aa8b0be748c6 100644 (file)
@@ -404,6 +404,7 @@ EVP_PKEY *pkey;
                ret= -1;
 
 err:
+       if(!pkey) EVP_PKEY_free(pk);
        return(ret);
        }
 
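Review bot: The condition in `if(!pkey) EVP_PKEY_free(pk);` encodes an ownership rule that is not stated anywhere in the hunk. It reads as: `pk` is freed only when the caller passed no `pkey`, presumably because the function then obtained `pk` itself; the assignment is outside the hunk. A comment above the line would keep a later edit from freeing a caller-owned key, for example `/* pk is ours only if the caller gave no pkey; never free a caller-supplied key */`. It is also worth confirming that `pk` is initialized to NULL in case `err:` is reached before it is set.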
index 436215094a9d0178f2ad0564ca158c1ac7f17c53..363118835cfc705226dfe1073bcde703d2bbe011 100644 (file)
@@ -814,8 +814,9 @@ f_err:
                ssl3_send_alert(s,SSL3_AL_FATAL,al);
                }
 err:
-       if (x != NULL) X509_free(x);
-       if (sk != NULL) sk_pop_free(sk,X509_free);
+       EVP_PKEY_free(pkey);
+       X509_free(x);
+       sk_pop_free(sk,X509_free);
        return(ret);
        }
 
@@ -1103,11 +1104,12 @@ SSL *s;
                        goto f_err;
                        }
                }
-
+       EVP_PKEY_free(pkey);
        return(1);
 f_err:
        ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
+       EVP_PKEY_free(pkey);
        return(-1);
        }
 
@@ -1622,6 +1624,7 @@ SSL *s;
        idx=c->cert_type;
        pkey=X509_get_pubkey(c->pkeys[idx].x509);
        i=X509_certificate_type(c->pkeys[idx].x509,pkey);
+       EVP_PKEY_free(pkey);
 
        
        /* Check that we have a certificate if we require one */
index ddf377c1224ffa6f9eaac76efb0dcbac415dc795..a827a58d4932666d0c70f9be874b49f53a6c505f 100644 (file)
@@ -1510,6 +1510,7 @@ f_err:
                ssl3_send_alert(s,SSL3_AL_FATAL,al);
                }
 end:
+       EVP_PKEY_free(pkey);
        return(ret);
        }
 
index a8a62f1b04004b1ef87553cb93380930fde4b2b6..745a8ec24f85b15f255f1051a5c67e0324147f45 100644 (file)
@@ -229,8 +229,10 @@ EVP_PKEY *pkey;
 
        if (c->pkeys[i].x509 != NULL)
                {
-               EVP_PKEY_copy_parameters(
-                       X509_get_pubkey(c->pkeys[i].x509),pkey);
+               EVP_PKEY *pktmp;
+               pktmp = X509_get_pubkey(c->pkeys[i].x509);
+               EVP_PKEY_copy_parameters(pktmp,pkey);
+               EVP_PKEY_free(pktmp);
                ERR_clear_error();
 
 #ifndef NO_RSA
@@ -503,6 +505,7 @@ X509 *x;
        if (i < 0)
                {
                SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+               EVP_PKEY_free(pkey);
                return(0);
                }
 
@@ -549,6 +552,7 @@ X509 *x;
        else
                ok=1;
 
+       EVP_PKEY_free(pkey);
        if (bad)
                {
                EVP_PKEY_free(c->pkeys[i].privatekey);