Fix memory leaks in CA related functions.

(cherry picked from commit aebd0e5ca12d1ba0b229a4121a54afa5ea2d8aa1)

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6238)

diff --git a/apps/ca.c b/apps/ca.c
index 4f9de5492148a180333f81ade80d36e8498ac3c0..31e87738d56cc4d15e30595bdf127869a2ac6ad1 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1176,10 +1176,13 @@ int MAIN(int argc, char **argv)
             if (j > 0) {
                 total_done++;
                 BIO_printf(bio_err, "\n");
-                if (!BN_add_word(serial, 1))
+                if (!BN_add_word(serial, 1)) {
+                    X509_free(x);
                     goto err;
+                }
                 if (!sk_X509_push(cert_sk, x)) {
                     BIO_printf(bio_err, "Memory allocation failure\n");
+                    X509_free(x);
                     goto err;
                 }
             }

diff --git a/apps/verify.c b/apps/verify.c
index c4bd1975764ceb607daed123502f6c9a682c9780..180ccf495c2fa3f02db383ee9402fbb5654eedee 100644 (file)
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -277,6 +277,7 @@ static int check(X509_STORE *ctx, char *file,
     X509_STORE_set_flags(ctx, vflags);
     if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
         ERR_print_errors(bio_err);
+        X509_STORE_CTX_free(csc);
         goto end;
     }
     if (tchain)

diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index 4cf7553376e6268f6365fe63bc70e1d3fa459e7b..60c9440120e8ebc8b5785652a36e589b76a026e7 100644 (file)
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -290,6 +290,8 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
 
     vv = lh_CONF_VALUE_insert(conf->data, v);
     OPENSSL_assert(vv == NULL);
+    if (lh_CONF_VALUE_error(conf->data) > 0)
+        goto err;
     ok = 1;
  err:
     if (!ok) {

diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
index dc2abd28ec6a5dc158d43a6e91f5a4f0a2ab5b87..b7a899fe476d86d32f6866289d0146829025b574 100644 (file)
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
@@ -188,8 +188,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
     if (!int_cleanup_check(1))
         return;
     item = int_cleanup_item(cb);
-    if (item)
-        sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
+    if (item != NULL) {
+        if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0)
+            OPENSSL_free(item);
+    }
 }
 
 /* The API function that performs all cleanup */