https://bz.apache.org/bugzilla/show_bug.cgi?id=65620
Bug ID: 65620
Summary: Potential memory leaks from BIO_new
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
Severity: minor
Priority: P2
Component: mod_md
Assignee: bugs@httpd.apache.org
Reporter: filipe.ca...@trailofbits.com
Target Milestone: ---
The BIO* new memory created at (1) might leak if an early condition is taken
(2) or (3) since BIO_free(bio) is never called on those cases.
https://github.com/apache/httpd/blob/e77dffef9aa80fa1a7f90b49214dccc3ce957c51/modules/md/md_crypt.c#L642-L665
BIO *bio = BIO_new(BIO_s_mem()); (1)
const EVP_CIPHER *cipher = NULL;
pem_password_cb *cb = NULL;
void *cb_baton = NULL;
passwd_ctx ctx;
unsigned long err;
int i;
if (!bio) {
return APR_ENOMEM;
}
if (pass_len > INT_MAX) {
return APR_EINVAL; (2)
}
if (pass && pass_len > 0) {
ctx.pass_phrase = pass;
ctx.pass_len = (int)pass_len;
cb = pem_passwd;
cb_baton = &ctx;
cipher = EVP_aes_256_cbc();
if (!cipher) {
return APR_ENOTIMPL; (3)
}
}
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org
