GH354: Memory leak fixes (c8491de3) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/asn1/x_x509a.c

+5 −2

Original line number	Diff line number	Diff line
		@@ -163,10 +163,13 @@ int X509_add1_reject_object(X509 x, ASN1_OBJECT obj)
		if (!(objtmp = OBJ_dup(obj)))
		return 0;
		if (!(aux = aux_get(x)))
		return 0;
		goto err;
		if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null()))
		return 0;
		goto err;
		return sk_ASN1_OBJECT_push(aux->reject, objtmp);
		err:
		ASN1_OBJECT_free(objtmp);
		return 0;
		}

		void X509_trust_clear(X509 *x)

crypto/pkcs7/pk7_smime.c

+6 −19

Original line number	Diff line number	Diff line
		@@ -256,8 +256,8 @@ int PKCS7_verify(PKCS7 p7, STACK_OF(X509) certs, X509_STORE *store,
		X509_STORE_CTX cert_ctx;
		char buf[4096];
		int i, j = 0, k, ret = 0;
		BIO *p7bio;
		BIO tmpin, tmpout;
		BIO *p7bio = NULL;
		BIO tmpin = NULL, tmpout = NULL;

		if (!p7) {
		PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER);
		@@ -274,18 +274,12 @@ int PKCS7_verify(PKCS7 p7, STACK_OF(X509) certs, X509_STORE *store,
		PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
		return 0;
		}
		#if 0
		/*
		* NB: this test commented out because some versions of Netscape
		* illegally include zero length content when signing data.
		*/

		/* Check for data and content: two sets of data */
		if (!PKCS7_get_detached(p7) && indata) {
		PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
		return 0;
		}
		#endif

		sinfos = PKCS7_get_signer_info(p7);

		@@ -295,7 +289,6 @@ int PKCS7_verify(PKCS7 p7, STACK_OF(X509) certs, X509_STORE *store,
		}

		signers = PKCS7_get0_signers(p7, certs, flags);

		if (!signers)
		return 0;

		@@ -308,14 +301,12 @@ int PKCS7_verify(PKCS7 p7, STACK_OF(X509) certs, X509_STORE *store,
		if (!X509_STORE_CTX_init(&cert_ctx, store, signer,
		p7->d.sign->cert)) {
		PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
		sk_X509_free(signers);
		return 0;
		goto err;
		}
		X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
		} else if (!X509_STORE_CTX_init(&cert_ctx, store, signer, NULL)) {
		PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
		sk_X509_free(signers);
		return 0;
		goto err;
		}
		if (!(flags & PKCS7_NOCRL))
		X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
		@@ -328,8 +319,7 @@ int PKCS7_verify(PKCS7 p7, STACK_OF(X509) certs, X509_STORE *store,
		PKCS7_R_CERTIFICATE_VERIFY_ERROR);
		ERR_add_error_data(2, "Verify error:",
		X509_verify_cert_error_string(j));
		sk_X509_free(signers);
		return 0;
		goto err;
		}
		/* Check for revocation status here */
		}
		@@ -348,7 +338,7 @@ int PKCS7_verify(PKCS7 p7, STACK_OF(X509) certs, X509_STORE *store,
		tmpin = BIO_new_mem_buf(ptr, len);
		if (tmpin == NULL) {
		PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
		return 0;
		goto err;
		}
		} else
		tmpin = indata;
		@@ -398,15 +388,12 @@ int PKCS7_verify(PKCS7 p7, STACK_OF(X509) certs, X509_STORE *store,
		ret = 1;

		err:

		if (tmpin == indata) {
		if (indata)
		BIO_pop(p7bio);
		}
		BIO_free_all(p7bio);

		sk_X509_free(signers);

		return ret;
		}

crypto/x509/x509_vfy.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -249,7 +249,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
		if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
		ok = ctx->get_issuer(&xtmp, ctx, x);
		if (ok < 0)
		return ok;
		goto end;
		/*
		* If successful for now free up cert so it will be picked up
		* again later.
		@@ -347,7 +347,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
		ok = ctx->get_issuer(&xtmp, ctx, x);

		if (ok < 0)
		return ok;
		goto end;
		if (ok == 0)
		break;
		x = xtmp;

ssl/clienthellotest.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -213,6 +213,7 @@ int main(int argc, char *argv[])
		EVP_cleanup();
		CRYPTO_cleanup_all_ex_data();
		CRYPTO_mem_leaks(err);
		BIO_free(err);

		return testresult?0:1;
		}