Fix memory leaks in CA related functions.
authorPavel Kopyl <p.kopyl@samsung.com>
Fri, 3 Nov 2017 15:18:59 +0000 (18:18 +0300)
committerRichard Levitte <levitte@openssl.org>
Sat, 12 May 2018 22:36:53 +0000 (00:36 +0200)
(cherry picked from commit aebd0e5ca12d1ba0b229a4121a54afa5ea2d8aa1)

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6237)

apps/ca.c
apps/verify.c
crypto/conf/conf_api.c
crypto/engine/eng_lib.c

index eb093d0e0b3cd3dc08868caec13104962f81d26e..fe9d29b5bb3125fe0fb284d18a2020b2e8409d89 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -929,10 +929,13 @@ end_of_options:
             if (j > 0) {
                 total_done++;
                 BIO_printf(bio_err, "\n");
-                if (!BN_add_word(serial, 1))
+                if (!BN_add_word(serial, 1)) {
+                    X509_free(x);
                     goto end;
+                }
                 if (!sk_X509_push(cert_sk, x)) {
                     BIO_printf(bio_err, "Memory allocation failure\n");
+                    X509_free(x);
                     goto end;
                 }
             }
index 0925ee627fd20bf5a4d2ebd77243b927ad7983f9..9ca9f33b5893cd0d432b08c6914fd23e92ae7df0 100644 (file)
@@ -219,6 +219,7 @@ static int check(X509_STORE *ctx, const char *file,
 
     X509_STORE_set_flags(ctx, vflags);
     if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
+        X509_STORE_CTX_free(csc);
         printf("error %s: X.509 store context initialization failed\n",
                (file == NULL) ? "stdin" : file);
         goto end;
index 5535416ab3bf31fe8837fd48d8ef3e42333474ca..afbaefbd9b6377faef2c6b1cd04299487158907d 100644 (file)
@@ -205,10 +205,14 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
 
     vv = lh_CONF_VALUE_insert(conf->data, v);
     OPENSSL_assert(vv == NULL);
+    if (lh_CONF_VALUE_error(conf->data) > 0)
+        goto err;
     return v;
 
  err:
     sk_CONF_VALUE_free(sk);
+    if (v != NULL)
+        OPENSSL_free(v->section);
     OPENSSL_free(v);
     return NULL;
 }
index 1b88d6fa458567f46694560af4408bfbff0017e5..70788769addbbd1cbfdb807e47e8d66f06fdf0eb 100644 (file)
@@ -144,8 +144,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
     if (!int_cleanup_check(1))
         return;
     item = int_cleanup_item(cb);
-    if (item)
-        sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
+    if (item != NULL) {
+        if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0)
+            OPENSSL_free(item);
+    }
 }
 
 /* The API function that performs all cleanup */