This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 1.3.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
commit 93fbabc9deed52425981a9db15832bbe6a623f28 Author: Mark Thomas <[email protected]> AuthorDate: Thu Mar 12 11:36:59 2026 +0000 Fix potential memory leaks on error paths identified by Copilot SSL_CTX_add0_chain_cert only takes ownership on success so certs needs to be freed on the failure path. If realloc() fails, the original p_data pointer is lost --- native/src/sslcontext.c | 14 +++++++++++--- xdocs/miscellaneous/changelog.xml | 4 ++++ 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index d3e2b229a..e7f1192e1 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -1297,6 +1297,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, addChainCertificateRaw)(TCN_STDARGS, jl } else if (SSL_CTX_add0_chain_cert(c->ctx, certs) <= 0) { ERR_error_string_n(SSL_ERR_get(), err, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_Throw(e, "Error adding certificate to chain (%s)", err); + X509_free(certs); rv = JNI_FALSE; } @@ -1535,14 +1536,21 @@ static int initProtocols(JNIEnv *e, const tcn_ssl_ctxt_t *c, unsigned char **pro // delimited by ','. p_data_len += 1 + proto_chars_len; if (p_data_len > p_data_size) { + // Find start of buffer + unsigned char *p_data_start = p_data - (p_data_len - (1 + proto_chars_len)); + unsigned char *p_data_tmp; // double size p_data_size <<= 1; - p_data = realloc(p_data, p_data_size); - if (p_data == NULL) { - // Not enough memory? + p_data_tmp = realloc(p_data_start, p_data_size); + if (p_data_tmp == NULL) { + // Not enough memory? Free the original buffer. + free(p_data_start); + p_data = NULL; (*e)->ReleaseStringUTFChars(e, proto_string, proto_chars); break; } + // Set position in buffer as realloc may have moved the buffer + p_data = p_data_tmp + (p_data_len - (1 + proto_chars_len)); } // Write the length of the protocol and then increment before memcpy the protocol itself. *p_data = proto_chars_len; 
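Review bot: The added `X509_free(certs);` in the `SSL_CTX_add0_chain_cert` failure branch has no comment saying why the free belongs on this path only. The add0 call takes ownership of the certificate on success, so a matching free on the success path would be a double free, and dropping this one would bring the leak back. I would put `/* add0 takes ownership only on success, so free certs on failure */` above the new line. The body of addChainCertificateRaw starts and ends outside the hunk.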
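Review bot: The growth step `p_data_size <<= 1;` doubles the buffer once and never re-checks it against `p_data_len`, so the write at `*p_data = proto_chars_len;` and the copy that presumably follows can run past the allocation when one protocol name needs more room than a single doubling provides. Whether that is reachable depends on the upper bound applied to `proto_chars_len` above the hunk, which is not visible here; if it allows names larger than the initial buffer, this is a heap overflow on data supplied by the Java caller. Growing in a loop closes it: `while (p_data_size < p_data_len) p_data_size <<= 1;`. Separately, `*p_data = proto_chars_len;` stores the length in a single byte, so that same bound should also keep it at 255 or below. initProtocols starts and ends outside the hunk.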
diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index b1411173f..5a1d9d9fe 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -37,6 +37,10 @@ Fix a memory leak when parsing certificates. Pull request <pr>44</pr> provided by chenjp. (markt) </fix> + <fix> + Fix two potential memory leaks on error paths identified by Copilot. + (markt) + </fix> </changelog> </section> <section name="1.3.7" rtext="2026-03-10"> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
