Fix a memory leak in CONF .include handling
authorMatt Caswell <matt@openssl.org>
Fri, 1 May 2020 14:15:13 +0000 (15:15 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 6 May 2020 10:40:53 +0000 (11:40 +0100)
If OPENSSL_CONF_INCLUDE has been set then we may leak the "include"
buffer.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11691)

crypto/conf/conf_def.c

index 9dbda10edfd8f864b36fca9f73d1e501a43502cd..6efe291ac84dc6a4e3e9d30211a7a20a8ad8478c 100644 (file)
@@ -420,6 +420,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                     OPENSSL_strlcpy(include_path, include_dir, newlen);
                     OPENSSL_strlcat(include_path, "/", newlen);
                     OPENSSL_strlcat(include_path, include, newlen);
+                    OPENSSL_free(include);
                 } else {
                     include_path = include;
                 }
@@ -429,15 +430,11 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                 next = process_include(include_path, &dirctx, &dirpath);
                 if (include_path != dirpath) {
                     /* dirpath will contain include in case of a directory */
-                    OPENSSL_free(include);
-                    if (include_path != include)
-                        OPENSSL_free(include_path);
+                    OPENSSL_free(include_path);
                 }
 #else
                 next = BIO_new_file(include_path, "r");
-                OPENSSL_free(include);
-                if (include_path != include)
-                    OPENSSL_free(include_path);
+                OPENSSL_free(include_path);
 #endif
 
                 if (next != NULL) {