crypto/engine/eng_devcrypto.c: ensure we don't leak resources
authorRichard Levitte <levitte@openssl.org>
Fri, 2 Nov 2018 09:24:24 +0000 (10:24 +0100)
committerRichard Levitte <levitte@openssl.org>
Fri, 2 Nov 2018 19:24:08 +0000 (20:24 +0100)
If engine building fails for some reason, we must make sure to close
the /dev/crypto handle.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7506)

(cherry picked from commit 681e8cacdbdc44ac00af29b6656fc52745a9baa2)

crypto/engine/eng_devcrypto.c

index a15dc95a6e40a42b15e3d4fa73ae4c41299d19d1..4a0ba09a38bec178f58eabbece9ff96b15827ce7 100644 (file)
@@ -624,12 +624,20 @@ void engine_load_devcrypto_int()
     prepare_digest_methods();
 #endif
 
-    if ((e = ENGINE_new()) == NULL)
+    if ((e = ENGINE_new()) == NULL
+        || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
+        ENGINE_free(e);
+        /*
+         * We know that devcrypto_unload() won't be called when one of the
+         * above two calls have failed, so we close cfd explicitly here to
+         * avoid leaking resources.
+         */
+        close(cfd);
         return;
+    }
 
     if (!ENGINE_set_id(e, "devcrypto")
         || !ENGINE_set_name(e, "/dev/crypto engine")
-        || !ENGINE_set_destroy_function(e, devcrypto_unload)
 
 /*
  * Asymmetric ciphers aren't well supported with /dev/crypto.  Among the BSD