Fixes memory leaks in CT code
authorRob Percival <robpercival@google.com>
Mon, 7 Mar 2016 12:38:49 +0000 (12:38 +0000)
committerRich Salz <rsalz@openssl.org>
Mon, 7 Mar 2016 19:44:04 +0000 (14:44 -0500)
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/ct/ct_sct.c
test/ct_test.c

index 35f815235f15d32223970c5051cd6be078ba7d65..2b7211d7ea42f42cb34e00c649bddc7753839fe6 100644 (file)
@@ -402,7 +402,7 @@ int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx)
             goto end;
         }
 
-        issuer_pkey = X509_get_pubkey(ctx->issuer);
+        issuer_pkey = X509_get0_pubkey(ctx->issuer);
 
         if (X509_PUBKEY_set(&pub, issuer_pkey) != 1)
             goto err;
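Review bot: `issuer_pkey` is passed to `X509_PUBKEY_set` without a NULL check, and `X509_get0_pubkey` returns NULL when the certificate's public key cannot be decoded. The issuer certificate presumably comes from the peer-supplied chain, and whether `X509_PUBKEY_set` rejects a NULL key is not visible here, so an explicit `if (issuer_pkey == NULL) goto err;` before the call would make the failure mode certain. Because the pointer is now borrowed from `ctx->issuer`, a comment such as `/* borrowed from ctx->issuer: do not EVP_PKEY_free() */` would keep a later cleanup path from freeing it. SCT_validate's body starts and ends outside this hunk.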
index 99517a6d9ff668d497c50e9d36727d821adbacf3..30e1ac653305290029653cb436133fc46e4653d7 100644 (file)
@@ -80,7 +80,7 @@ typedef struct ct_test_fixture {
     /* Set the following to test handling of SCTs in TLS format */
     const uint8_t *tls_sct;
     size_t tls_sct_len;
-    const SCT *sct;
+    SCT *sct;
     /*
      * A file to load the expected SCT text from.
      * This text will be compared to the actual text output during the test.
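Review bot: Dropping `const` from `sct` turns the field into an owning pointer, but nothing at the declaration says so. The free happens in `tear_down` (hunk at -124) and the caller's `SCT_free` is removed from `test_encode_tls_sct` (hunk at -502), so a field comment such as `/* Owned by the fixture; freed in tear_down() */` would record the contract. `tear_down` takes the fixture by value, so the test function's copy still holds the freed pointer afterwards. Any other test that sets `fixture.sct` and also frees the SCT itself would now double-free; the visible hunks only show `test_encode_tls_sct` being adjusted. The struct definition continues outside this hunk.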
@@ -124,6 +124,7 @@ end:
 static void tear_down(CT_TEST_FIXTURE fixture)
 {
     CTLOG_STORE_free(fixture.ctlog_store);
+    SCT_free(fixture.sct);
     ERR_print_errors_fp(stderr);
 }
 
@@ -237,6 +238,8 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture)
     SCT *sct = NULL;
     char expected_sct_text[CT_TEST_MAX_FILE_SIZE];
     int sct_text_len = 0;
+    unsigned char *tls_sct = NULL;
+    size_t tls_sct_len = 0;
     CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new();
 
     if (fixture.sct_text_file_path != NULL) {
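Review bot: `tls_sct_len` is declared `size_t`, which would hide a negative error return if the encoder that fills `tls_sct` reports failure that way; the assignment is outside the visible hunks, so this needs confirming. If it is `i2o_SCT`, which returns `int`, the result is better held in an `int` and checked before it is used as a length, e.g. `int len = i2o_SCT(sct, &tls_sct); if (len < 0) { test_failed = 1; goto end; }`. The `= NULL` initializer on `tls_sct` is what makes the unconditional `OPENSSL_free(tls_sct)` added at `end:` (hunk at -403) safe on early exits, so it should not be dropped. execute_cert_test's body continues outside this hunk.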
@@ -361,8 +364,6 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture)
 
     if (fixture.tls_sct != NULL) {
         const unsigned char *p = fixture.tls_sct;
-        unsigned char *tls_sct;
-        size_t tls_sct_len;
         if (o2i_SCT(&sct, &p, fixture.tls_sct_len) == NULL) {
             test_failed = 1;
             fprintf(stderr, "Failed to decode SCT from TLS format\n");
@@ -403,6 +404,7 @@ end:
     SCT_LIST_free(scts);
     SCT_free(sct);
     CT_POLICY_EVAL_CTX_free(ct_policy_ctx);
+    OPENSSL_free(tls_sct);
     return test_failed;
 }
 
@@ -502,8 +504,6 @@ static int test_encode_tls_sct()
     fixture.sct = sct;
     fixture.sct_text_file_path = "ct/tls1.sct";
     EXECUTE_CT_TEST();
-
-    SCT_free(sct);
 }
 
 int main(int argc, char *argv[])