From: Bernd Edlinger Date: Tue, 29 Jan 2019 13:16:28 +0000 (+0100) Subject: Fix a memory leak with di2_X509_CRL reuse X-Git-Tag: OpenSSL_1_1_1b~55 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7193394aeea6422694bff5bb0c4f9e101f5ce44f;p=oweals%2Fopenssl.git Fix a memory leak with di2_X509_CRL reuse Additionally avoid undefined behavior with in-place memcpy in X509_CRL_digest. Fixes #8099 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8112) (cherry picked from commit a727627922b8a9ec6628ffaa2054b4b3833d674b) --- diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c index 10733b58bc..a326451d1f 100644 --- a/crypto/x509/x_crl.c +++ b/crypto/x509/x_crl.c @@ -158,6 +158,18 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, int idx; switch (operation) { + case ASN1_OP_D2I_PRE: + if (crl->meth->crl_free) { + if (!crl->meth->crl_free(crl)) + return 0; + } + AUTHORITY_KEYID_free(crl->akid); + ISSUING_DIST_POINT_free(crl->idp); + ASN1_INTEGER_free(crl->crl_number); + ASN1_INTEGER_free(crl->base_crl_number); + sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free); + /* fall thru */ + case ASN1_OP_NEW_POST: crl->idp = NULL; crl->akid = NULL; diff --git a/test/crltest.c b/test/crltest.c index 4d35fd4081..6ce9890260 100644 --- a/test/crltest.c +++ b/test/crltest.c @@ -357,6 +357,20 @@ static int test_unknown_critical_crl(int n) return r; } +static int test_reuse_crl(void) +{ + X509_CRL *reused_crl = CRL_from_strings(kBasicCRL); + char *p; + BIO *b = glue2bio(kRevokedCRL, &p); + + reused_crl = PEM_read_bio_X509_CRL(b, &reused_crl, NULL, NULL); + + OPENSSL_free(p); + BIO_free(b); + X509_CRL_free(reused_crl); + return 1; +} + int setup_tests(void) { if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot)) @@ -368,6 +382,7 @@ int setup_tests(void) ADD_TEST(test_bad_issuer_crl); ADD_TEST(test_known_critical_crl); ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls)); + ADD_TEST(test_reuse_crl); return 1; }