From 9ad52c562a93c9a57ae3024e54c575430753244c Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Sun, 19 Feb 2017 18:12:03 +0100 Subject: [PATCH] Fix a few memleaks in TXT_DB. Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2684) --- apps/ca.c | 12 +++++++----- crypto/txt_db/txt_db.c | 35 ++++++++++++++++++++++++++--------- 2 files changed, 33 insertions(+), 14 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 8329884612..e53695453a 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1836,10 +1836,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, } irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row space"); - for (i = 0; i < DB_NUMBER; i++) { + for (i = 0; i < DB_NUMBER; i++) irow[i] = row[i]; - row[i] = NULL; - } irow[DB_NUMBER] = NULL; if (!TXT_DB_insert(db->db, irow)) { @@ -1847,10 +1845,14 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); goto end; } + irow = NULL; ok = 1; end: - for (i = 0; i < DB_NUMBER; i++) - OPENSSL_free(row[i]); + if (irow != NULL) { + for (i = 0; i < DB_NUMBER; i++) + OPENSSL_free(row[i]); + OPENSSL_free(irow); + } X509_NAME_free(CAname); X509_NAME_free(subject); diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c index 14322309a7..cf932a52aa 100644 --- a/crypto/txt_db/txt_db.c +++ b/crypto/txt_db/txt_db.c @@ -104,12 +104,15 @@ TXT_DB *TXT_DB_read(BIO *in, int num) } *(p++) = '\0'; if ((n != num) || (*f != '\0')) { + OPENSSL_free(pp); ret->error = DB_ERROR_WRONG_NUM_FIELDS; goto err; } pp[n] = p; - if (!sk_OPENSSL_PSTRING_push(ret->data, pp)) + if (!sk_OPENSSL_PSTRING_push(ret->data, pp)) { + OPENSSL_free(pp); goto err; + } } BUF_MEM_free(buf); return ret; @@ -148,7 +151,7 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp) { LHASH_OF(OPENSSL_STRING) *idx; - OPENSSL_STRING *r; + OPENSSL_STRING *r, *k; int i, n; if (field >= db->num_fields) { @@ -165,13 +168,18 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), r = sk_OPENSSL_PSTRING_value(db->data, i); if ((qual != NULL) && (qual(r) == 0)) continue; - if ((r = lh_OPENSSL_STRING_insert(idx, r)) != NULL) { + if ((k = lh_OPENSSL_STRING_insert(idx, r)) != NULL) { db->error = DB_ERROR_INDEX_CLASH; - db->arg1 = sk_OPENSSL_PSTRING_find(db->data, r); + db->arg1 = sk_OPENSSL_PSTRING_find(db->data, k); db->arg2 = i; lh_OPENSSL_STRING_free(idx); return (0); } + if (lh_OPENSSL_STRING_retrieve(idx, r) == NULL) { + db->error = DB_ERROR_MALLOC; + lh_OPENSSL_STRING_free(idx); + return (0); + } } lh_OPENSSL_STRING_free(db->index[field]); db->index[field] = idx; @@ -244,20 +252,29 @@ int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row) } } } - /* We have passed the index checks, now just append and insert */ - if (!sk_OPENSSL_PSTRING_push(db->data, row)) { - db->error = DB_ERROR_MALLOC; - goto err; - } for (i = 0; i < db->num_fields; i++) { if (db->index[i] != NULL) { if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0)) continue; (void)lh_OPENSSL_STRING_insert(db->index[i], row); + if (lh_OPENSSL_STRING_retrieve(db->index[i], row) == NULL) + goto err1; } } + if (!sk_OPENSSL_PSTRING_push(db->data, row)) + goto err1; return (1); + + err1: + db->error = DB_ERROR_MALLOC; + while (i-- > 0) { + if (db->index[i] != NULL) { + if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0)) + continue; + (void)lh_OPENSSL_STRING_delete(db->index[i], row); + } + } err: return (0); } -- 2.25.1