author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2023-11-15 19:46:17 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2023-11-22 09:20:35 +0100 |
commit | 7f943d40bda4539d63da34ecfbbc8556f2603fb3 (patch) | |
tree | 61945b5464d61ff3b1d1f6217df3b77d546343b4 | |
parent | 667f974ba7107b9c2a68fdac55b0f13bc84592fe (diff) |
Fix a possible memory leak in dane_tlsa_add
Several error cases leak either the X509 object
or the pkey or the danetls_record object.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22743)
(cherry picked from commit e4a94bcc77f3fda0f185e62a73a66d9b9b9388f5)
-rw-r--r-- | ssl/ssl_lib.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5314e1ec0d..70d3b17c19 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -327,11 +327,13 @@ static int dane_tlsa_add(SSL_DANE *dane,
 case DANETLS_SELECTOR_CERT:
 if (!d2i_X509(&cert, &p, ilen) || p < data || dlen != (size_t)(p - data)) {
+ X509_free(cert);
 tlsa_free(t);
 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
 return 0;
 }
 if (X509_get0_pubkey(cert) == NULL) {
+ X509_free(cert);
 tlsa_free(t);
 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
 return 0;
@@ -339,6 +341,7 @@ static int dane_tlsa_add(SSL_DANE *dane,
 if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
 X509_free(cert);
+ tlsa_free(t);
 break;
 }
@@ -362,6 +365,7 @@ static int dane_tlsa_add(SSL_DANE *dane,
 case DANETLS_SELECTOR_SPKI:
 if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data || dlen != (size_t)(p - data)) {
+ EVP_PKEY_free(pkey);
 tlsa_free(t);
 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
 return 0; |
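Review bot: The new `X509_free(cert)` in the first error branch of the DANETLS_SELECTOR_CERT case has no comment saying why it is needed, and the reason is not obvious: the branch is also taken when `d2i_X509` succeeded and only the `p < data` / `dlen != (size_t)(p - data)` checks rejected the record, which is the path that leaked. A short comment above the free, such as `/* decode may have succeeded; the length checks can still reject the record */`, would keep a later cleanup from removing the call as redundant. On a plain decode failure the call is harmless only if `cert` is NULL at that point, which depends on its declaration outside this hunk and should be confirmed. The same applies to `EVP_PKEY_free(pkey)` in the DANETLS_SELECTOR_SPKI hunk.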
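Review bot: The added `tlsa_free(t)` in the `DANETLS_TA_MASK` branch is followed by `break`, not `return`, so control leaves the switch with `t` already freed. The other branches touched by this commit free `t` and return at once, whereas this one handles a record that decoded correctly and only discards the certificate because it is not needed for non-TA usages. If the code after the switch (outside this hunk) still reads `t` or adds it to the record list, this turns a leak fix into a use-after-free and a later double free on data that comes from TLSA records. I would drop the added line and put `/* keep t: only the decoded cert is unneeded for non-TA usages */` above `X509_free(cert);`.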