Fix coverity issue: CID 1466486 - Resource leak in OSSL_STORE
authorShane Lontis <shane.lontis@oracle.com>
Thu, 10 Sep 2020 06:40:24 +0000 (16:40 +1000)
committerShane Lontis <shane.lontis@oracle.com>
Sat, 12 Sep 2020 05:57:23 +0000 (15:57 +1000)
Note that although this is currently a false positive, the leak could become real if any of the called methods
change behaviour, so it is safer to add the fix than to ignore it. Added a simple test so that I could prove this was the case.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12847)

crypto/store/store_lib.c
test/build.info
test/ossl_store_test.c [new file with mode: 0644]
test/recipes/66-test_ossl_store.t [new file with mode: 0644]

index 61558a9b6efac437120b1f429f2d6c4c5daac1dd..98e49d826d4c45e06d41d619f1b3189a20acb07c 100644 (file)
@@ -178,6 +178,7 @@ OSSL_STORE_open_with_libctx(const char *uri,
     }
     OSSL_STORE_LOADER_free(fetched_loader);
     OPENSSL_free(propq_copy);
+    OPENSSL_free(ctx);
     return NULL;
 }
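Review bot: The added `OPENSSL_free(ctx);` on the error exit is a shallow free, so it is only safe if `ctx` is initialised to NULL at its declaration and owns no separately allocated members whenever this exit is reached. Neither is visible here, because the body of OSSL_STORE_open_with_libctx starts outside the hunk. I would confirm both and record the assumption next to the call, e.g. `/* ctx owns no sub-allocations on this path, so a plain free is enough */`. If a later change lets the context acquire resources before a failure can occur, this line should become a call to the matching cleanup routine rather than a bare free.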
 
index 7c80b16284168701c0b9aead93f094dc491c60e6..0b67d49b380dacd54fba68cee57ab9f379b4306f 100644 (file)
@@ -36,7 +36,7 @@ IF[{- !$disabled{tests} -}]
           destest mdc2test \
           exptest \
           evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
-          evp_fetch_prov_test acvp_test evp_libctx_test \
+          evp_fetch_prov_test acvp_test evp_libctx_test ossl_store_test \
           v3nametest v3ext \
           evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
           evp_fetch_prov_test v3nametest v3ext \
@@ -166,6 +166,10 @@ IF[{- !$disabled{tests} -}]
     DEPEND[acvp_test]=../libcrypto.a libtestutil.a
   ENDIF
 
+  SOURCE[ossl_store_test]=ossl_store_test.c
+  INCLUDE[ossl_store_test]=../include ../apps/include
+  DEPEND[ossl_store_test]=../libcrypto.a libtestutil.a
+
   SOURCE[provider_status_test]=provider_status_test.c
   INCLUDE[provider_status_test]=../include ../apps/include
   DEPEND[provider_status_test]=../libcrypto.a libtestutil.a
diff --git a/test/ossl_store_test.c b/test/ossl_store_test.c
new file mode 100644 (file)
index 0000000..cbae150
--- /dev/null
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/store.h>
+#include <openssl/ui.h>
+#include "testutil.h"
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1,
+    OPT_EOF = 0,
+    OPT_INFILE,
+    OPT_TEST_ENUM
+} OPTION_CHOICE;
+
+static const char *infile = NULL;
+
+static int test_store_open(void)
+{
+    int ret = 0;
+    OSSL_STORE_CTX *sctx = NULL;
+    UI_METHOD *ui_method = NULL;
+
+    ret = TEST_ptr(ui_method= UI_create_method("DummyUI"))
+          && TEST_ptr(sctx = OSSL_STORE_open_with_libctx(infile, NULL, NULL,
+                                                         ui_method, NULL,
+                                                         NULL, NULL));
+    UI_destroy_method(ui_method);
+    OSSL_STORE_close(sctx);
+    return ret;
+}
+
+const OPTIONS *test_get_options(void)
+{
+    static const OPTIONS test_options[] = {
+        OPT_TEST_OPTIONS_DEFAULT_USAGE,
+        { "in", OPT_INFILE, '<', },
+        { NULL }
+    };
+    return test_options;
+}
+
+int setup_tests(void)
+{
+    OPTION_CHOICE o;
+
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_INFILE:
+            infile = opt_arg();
+            break;
+        case OPT_TEST_CASES:
+           break;
+        default:
+        case OPT_ERR:
+            return 0;
+        }
+    }
+
+    ADD_TEST(test_store_open);
+    return 1;
+}
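Review bot: setup_tests() registers test_store_open without checking that `-in` was supplied, so `infile` can still be NULL when it is passed to OSSL_STORE_open_with_libctx(). How that call treats a NULL URI is not visible here, so failing early is safer: `if (!TEST_ptr(infile)) return 0;` before `ADD_TEST(test_store_open);`. The test also exercises only a successful open, while the fix in crypto/store/store_lib.c sits on the failure exit; a second case that expects NULL from a failing open would run that exit under a leak checker. Minor style: `ui_method= UI_create_method` lacks a space before `=`, and the `break;` under `case OPT_TEST_CASES:` is indented one column short.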
diff --git a/test/recipes/66-test_ossl_store.t b/test/recipes/66-test_ossl_store.t
new file mode 100644 (file)
index 0000000..634b0e7
--- /dev/null
@@ -0,0 +1,19 @@
+#! /usr/bin/env perl
+# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use OpenSSL::Test::Simple;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+setup("test_ossl_store");
+
+plan tests => 1;
+
+ok(run(test(["ossl_store_test", "-in", srctop_file("test", "testrsa.pem")])));
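Review bot: `use OpenSSL::Test::Simple;` looks unused in this recipe, since every call here (`setup`, `plan`, `ok`, `run`, `test`, `srctop_file`) appears to come from OpenSSL::Test. Dropping that line and keeping only `use OpenSSL::Test qw/:DEFAULT srctop_file/;` makes it clear which module the recipe depends on.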