Fix various memory leaks in SSL, apps and DSA
authorDr. Stephen Henson <steve@openssl.org>
Mon, 15 Feb 1999 21:05:21 +0000 (21:05 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 15 Feb 1999 21:05:21 +0000 (21:05 +0000)
CHANGES
apps/s_cb.c
apps/s_client.c
apps/sc.c
crypto/dsa/dsa_vrf.c
ssl/s2_clnt.c
ssl/s2_srvr.c
ssl/s3_both.c
ssl/s3_clnt.c
ssl/s3_srvr.c
ssl/ssl_rsa.c

diff --git a/CHANGES b/CHANGES
index 7cc1ece..043c755 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,9 +5,15 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
+     leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
+     in apps/ and an unrellated leak in crypto/dsa/dsa_vrf.c
+     [Steve Henson]
+
   *) Support for RAW extensions where an arbitrary extension can be
      created by including its DER encoding. See apps/openssl.cnf for
      an example.
+     [Steve Henson]
 
   *) Make sure latest Perl versions don't interpret some generated C array
      code as Perl array code in the crypto/err/err_genc.pl script.
index 1a7b06e..ba0b548 100644 (file)
@@ -156,9 +156,13 @@ char *key_file;
                ssl=SSL_new(ctx);
                x509=SSL_get_certificate(ssl);
 
-               if (x509 != NULL)
-                       EVP_PKEY_copy_parameters(X509_get_pubkey(x509),
-                               SSL_get_privatekey(ssl));
+               if (x509 != NULL) {
+                       EVP_PKEY *pktmp;
+                       pktmp = X509_get_pubkey(x509);
+                       EVP_PKEY_copy_parameters(pktmp,
+                                               SSL_get_privatekey(ssl));
+                       EVP_PKEY_free(pktmp);
+               }
                SSL_free(ssl);
                */
 
index 2830785..a75e8ae 100644 (file)
@@ -743,9 +743,13 @@ int full;
        BIO_printf(bio,"%s, Cipher is %s\n",
                SSL_CIPHER_get_version(c),
                SSL_CIPHER_get_name(c));
-       if (peer != NULL)
+       if (peer != NULL) {
+               EVP_PKEY *pktmp;
+               pktmp = X509_get_pubkey(peer);
                BIO_printf(bio,"Server public key is %d bit\n",
-                       EVP_PKEY_bits(X509_get_pubkey(peer)));
+                                                        EVP_PKEY_bits(pktmp));
+               EVP_PKEY_free(pktmp);
+       }
        SSL_SESSION_print(bio,SSL_get_session(s));
        BIO_printf(bio,"---\n");
        if (peer != NULL)
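Review bot: `pktmp` is handed to `EVP_PKEY_bits()` without a NULL check, and `peer` here is the certificate the remote server presented, so its contents are not under the client's control. `X509_get_pubkey()` can fail: the `if (pkey == NULL) goto end;` context line in the `@@ -910` hunk on this page handles exactly that case. I would guard the print with `if (pktmp != NULL)` so an undecodable key skips the "Server public key" line instead of being dereferenced. The `@@ -229` hunk (apparently ssl/ssl_rsa.c) passes an unchecked `pktmp` to `EVP_PKEY_copy_parameters()` in the same way. The enclosing function starts and ends outside this hunk.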
index f6015e8..fccd805 100644 (file)
--- a/apps/sc.c
+++ b/apps/sc.c
@@ -770,8 +770,12 @@ int full;
                SSL_CIPHER_get_version(c),
                SSL_CIPHER_get_name(c));
        if (peer != NULL)
+       {
+               EVP_PKEY *pktmp;
                BIO_printf(bio,"Server public key is %d bit\n",
-                       EVP_PKEY_bits(X509_get_pubkey(peer)));
+                                                       EVP_PKEY_bits(pktmp));
+               EVP_PKEY_free(pktmp);
+       }
        SSL_SESSION_print(bio,SSL_get_session(s));
        BIO_printf(bio,"---\n");
        if (peer != NULL)
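Review bot: `pktmp` is declared but never assigned in this block, so `EVP_PKEY_bits(pktmp)` and `EVP_PKEY_free(pktmp)` both operate on an uninitialised pointer; the removed line held the only call to `X509_get_pubkey(peer)`. The parallel hunk at `@@ -743` has the missing statement, so add `pktmp = X509_get_pubkey(peer);` directly after the declaration. As written, reading and then freeing an indeterminate pointer is undefined behaviour, and in practice a crash or heap corruption whenever a peer certificate is printed. The enclosing function starts and ends outside the hunk.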
index 71cefbe..37e8781 100644 (file)
@@ -91,7 +91,6 @@ DSA *dsa;
        int ret = -1;
 
        if ((ctx=BN_CTX_new()) == NULL) goto err;
-       if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
 
        BN_init(&u1);
        BN_init(&u2);
index 0c13842..9c8037b 100644 (file)
@@ -953,8 +953,9 @@ unsigned char *data;
                goto err;
        ret=1;
 err:
-       if (sk != NULL) sk_free(sk);
-       if (x509 != NULL) X509_free(x509);
+       sk_free(sk);
+       X509_free(x509);
+       EVP_PKEY_free(pkey);
        return(ret);
        }
 
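Review bot: `EVP_PKEY_free(pkey)` at the shared `err:` label now runs on every exit, including any `goto err` taken before `pkey` is assigned, so it is only safe if `pkey` starts out as NULL. The declaration is outside the hunk; if it is a bare `EVP_PKEY *pkey;` it should become `EVP_PKEY *pkey=NULL;`. The same check applies to the frees added at `end:` in the next hunk and at the cleanup labels in the `@@ -814`, `@@ -1103` and `@@ -1510` hunks.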
@@ -985,6 +986,7 @@ int padding;
        if (i < 0)
                SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB);
 end:
+       EVP_PKEY_free(pkey);
        return(i);
        }
 
index 7e8732f..8580ac6 100644 (file)
@@ -910,6 +910,7 @@ SSL *s;
                pkey=X509_get_pubkey(x509);
                if (pkey == NULL) goto end;
                i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
+               EVP_PKEY_free(pkey);
                memset(&ctx,0,sizeof(ctx));
 
                if (i) 
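Review bot: The verification result is tested with `if (i)`, which accepts any non-zero return from `EVP_VerifyFinal()`, not only 1. If that function can return a negative value on an internal error, this branch would treat a failed client-certificate check as a success; `if (i > 0)` states the intent and fails closed. This sits on the context lines around the added free rather than on a line the commit changes, and the body of the branch is outside the hunk.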
@@ -933,8 +934,8 @@ msg_end:
                ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
                }
 end:
-       if (sk != NULL) sk_free(sk);
-       if (x509 != NULL) X509_free(x509);
+       sk_free(sk);
+       X509_free(x509);
        return(ret);
        }
 
index 487981e..0dad891 100644 (file)
@@ -404,6 +404,7 @@ EVP_PKEY *pkey;
                ret= -1;
 
 err:
+       if(!pkey) EVP_PKEY_free(pk);
        return(ret);
        }
 
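Review bot: The condition in `if(!pkey) EVP_PKEY_free(pk);` encodes an ownership rule that is not written down anywhere in the hunk. `pk` is freed only when the caller passed no `pkey`, presumably because `pk` then came from `X509_get_pubkey()` and otherwise aliases the caller's key. A comment above the line, such as `/* pk is ours only when it was fetched from the certificate; a caller-supplied pkey is never freed here */`, would keep a later edit from freeing the caller's key. The assignment of `pk` is outside the hunk, so confirm it is set, or NULL, on every path that reaches `err:`.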
index 4362150..3631188 100644 (file)
@@ -814,8 +814,9 @@ f_err:
                ssl3_send_alert(s,SSL3_AL_FATAL,al);
                }
 err:
-       if (x != NULL) X509_free(x);
-       if (sk != NULL) sk_pop_free(sk,X509_free);
+       EVP_PKEY_free(pkey);
+       X509_free(x);
+       sk_pop_free(sk,X509_free);
        return(ret);
        }
 
@@ -1103,11 +1104,12 @@ SSL *s;
                        goto f_err;
                        }
                }
-
+       EVP_PKEY_free(pkey);
        return(1);
 f_err:
        ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
+       EVP_PKEY_free(pkey);
        return(-1);
        }
 
@@ -1622,6 +1624,7 @@ SSL *s;
        idx=c->cert_type;
        pkey=X509_get_pubkey(c->pkeys[idx].x509);
        i=X509_certificate_type(c->pkeys[idx].x509,pkey);
+       EVP_PKEY_free(pkey);
 
        
        /* Check that we have a certificate if we require one */
index ddf377c..a827a58 100644 (file)
@@ -1510,6 +1510,7 @@ f_err:
                ssl3_send_alert(s,SSL3_AL_FATAL,al);
                }
 end:
+       EVP_PKEY_free(pkey);
        return(ret);
        }
 
index a8a62f1..745a8ec 100644 (file)
@@ -229,8 +229,10 @@ EVP_PKEY *pkey;
 
        if (c->pkeys[i].x509 != NULL)
                {
-               EVP_PKEY_copy_parameters(
-                       X509_get_pubkey(c->pkeys[i].x509),pkey);
+               EVP_PKEY *pktmp;
+               pktmp = X509_get_pubkey(c->pkeys[i].x509);
+               EVP_PKEY_copy_parameters(pktmp,pkey);
+               EVP_PKEY_free(pktmp);
                ERR_clear_error();
 
 #ifndef NO_RSA
@@ -503,6 +505,7 @@ X509 *x;
        if (i < 0)
                {
                SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+               EVP_PKEY_free(pkey);
                return(0);
                }
 
@@ -549,6 +552,7 @@ X509 *x;
        else
                ok=1;
 
+       EVP_PKEY_free(pkey);
        if (bad)
                {
                EVP_PKEY_free(c->pkeys[i].privatekey);