https://bz.apache.org/bugzilla/show_bug.cgi?id=65620
Bug ID: 65620 Summary: Potential memory leaks from BIO_new Product: Apache httpd-2 Version: 2.5-HEAD Hardware: PC OS: Mac OS X 10.1 Status: NEW Severity: minor Priority: P2 Component: mod_md Assignee: bugs@httpd.apache.org Reporter: filipe.ca...@trailofbits.com Target Milestone: --- The BIO* new memory created at (1) might leak if an early condition is taken (2) or (3) since BIO_free(bio) is never called on those cases. https://github.com/apache/httpd/blob/e77dffef9aa80fa1a7f90b49214dccc3ce957c51/modules/md/md_crypt.c#L642-L665 BIO *bio = BIO_new(BIO_s_mem()); (1) const EVP_CIPHER *cipher = NULL; pem_password_cb *cb = NULL; void *cb_baton = NULL; passwd_ctx ctx; unsigned long err; int i; if (!bio) { return APR_ENOMEM; } if (pass_len > INT_MAX) { return APR_EINVAL; (2) } if (pass && pass_len > 0) { ctx.pass_phrase = pass; ctx.pass_len = (int)pass_len; cb = pem_passwd; cb_baton = &ctx; cipher = EVP_aes_256_cbc(); if (!cipher) { return APR_ENOTIMPL; (3) } } -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org