From e22ce0d07496c53cd100c6d46a54d7a46c13bba9 Mon Sep 17 00:00:00 2001 From: Pavel Kopyl Date: Fri, 3 Nov 2017 18:18:59 +0300 Subject: [PATCH] Fix memory leaks in CA related functions. (cherry picked from commit aebd0e5ca12d1ba0b229a4121a54afa5ea2d8aa1) Reviewed-by: Andy Polyakov Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6237) --- apps/ca.c | 5 ++++- apps/verify.c | 1 + crypto/conf/conf_api.c | 4 ++++ crypto/engine/eng_lib.c | 6 ++++-- 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index eb093d0e0b..fe9d29b5bb 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -929,10 +929,13 @@ end_of_options: if (j > 0) { total_done++; BIO_printf(bio_err, "\n"); - if (!BN_add_word(serial, 1)) + if (!BN_add_word(serial, 1)) { + X509_free(x); goto end; + } if (!sk_X509_push(cert_sk, x)) { BIO_printf(bio_err, "Memory allocation failure\n"); + X509_free(x); goto end; } } diff --git a/apps/verify.c b/apps/verify.c index 0925ee627f..9ca9f33b58 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -219,6 +219,7 @@ static int check(X509_STORE *ctx, const char *file, X509_STORE_set_flags(ctx, vflags); if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { + X509_STORE_CTX_free(csc); printf("error %s: X.509 store context initialization failed\n", (file == NULL) ? "stdin" : file); goto end; diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index 5535416ab3..afbaefbd9b 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -205,10 +205,14 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) vv = lh_CONF_VALUE_insert(conf->data, v); OPENSSL_assert(vv == NULL); + if (lh_CONF_VALUE_error(conf->data) > 0) + goto err; return v; err: sk_CONF_VALUE_free(sk); + if (v != NULL) + OPENSSL_free(v->section); OPENSSL_free(v); return NULL; } diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 1b88d6fa45..70788769ad 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -144,8 +144,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) if (!int_cleanup_check(1)) return; item = int_cleanup_item(cb); - if (item) - sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item); + if (item != NULL) { + if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0) + OPENSSL_free(item); + } } /* The API function that performs all cleanup */ -- 2.25.1