diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2024-01-28 23:50:16 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2024-01-31 10:33:01 +0000 |
commit | 573836ae7a26d48b9f64c296e173630a832a99f5 (patch) | |
tree | 4567a8d35466a2bf64844fc46f68650f986eaab9 | |
parent | cc8e39297a000df85a90f97f686cb210470d9697 (diff) |
Fix a possible memleak in bind_afalg
bind_afalg calls afalg_aes_cbc which allocates
cipher_handle->_hidden global object(s)
but if one of them fails due to out of memory,
the function bind_afalg relies on the engine destroy
method to be called. But that does not happen
because the dynamic engine object is not destroyed
in the usual way in dynamic_load in this case:
If the bind_engine function fails, there will be no
further calls into the shared object.
See ./crypto/engine/eng_dyn.c near the comment:
/* Copy the original ENGINE structure back */
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23409)
(cherry picked from commit 729a1496cc4cda669dea6501c991113c78f04560)
-rw-r--r-- | engines/e_afalg.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/engines/e_afalg.c b/engines/e_afalg.c index 2c08cbb28d..ccef155ea2 100644 --- a/engines/e_afalg.c +++ b/engines/e_afalg.c @@ -811,8 +811,10 @@ static int bind_helper(ENGINE *e, const char *id) if (!afalg_chk_platform()) return 0; - if (!bind_afalg(e)) + if (!bind_afalg(e)) { + afalg_destroy(e); return 0; + } return 1; } |