Hi,
The BN_to_ASN1_INTEGER function in crypto/asn1/a_int.c leaks memory when a
non-null, initialized ASN1_INTEGER object is passed as the 2nd argument.
Here is a bug fix patch against openssl-0.9.6d:
Regards,
Zoltan
Index: a_int.c
===================================================================
RCS file: /var/cvs/openssl/crypto/asn1/a_int.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 a_int.c
*** a_int.c 2002/05/10 20:33:08 1.1.1.1
--- a_int.c 2002/05/25 14:43:45
***************
*** 451,457 ****
else ret->type=V_ASN1_INTEGER;
j=BN_num_bits(bn);
len=((j == 0)?0:((j/8)+1));
! ret->data=(unsigned char *)OPENSSL_malloc(len+4);
ret->length=BN_bn2bin(bn,ret->data);
return(ret);
err:
--- 451,466 ----
else ret->type=V_ASN1_INTEGER;
j=BN_num_bits(bn);
len=((j == 0)?0:((j/8)+1));
! if (ret->length < len+4)
! {
! char *new_data=(char *)OPENSSL_realloc(ret->data, len+4);
! if (!new_data)
! {
! ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
! goto err;
! }
! ret->data=new_data;
! }
ret->length=BN_bn2bin(bn,ret->data);
return(ret);
err:
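Review bot: `new_data` is declared `char *` and then assigned to `ret->data`, which the removed line's cast shows is `unsigned char *`; declare it with the matching type, `unsigned char *new_data=(unsigned char *)OPENSSL_realloc(ret->data, len+4);`, so the assignment does not rely on an implicit pointer-signedness conversion. The guard `if (ret->length < len+4)` also treats `ret->length`, the content length, as if it were the buffer's capacity. That holds only if a caller-supplied ASN1_INTEGER always has at least `length` bytes allocated behind `data`; an object with `data` NULL or shorter than `length` would skip the realloc and let `BN_bn2bin` write outside the allocation. A comment such as `/* relies on ret->data holding at least ret->length bytes */` would document the assumption. The function begins before this hunk and the `err:` path continues after it, so what happens to a caller-owned `ret` on realloc failure cannot be checked from here.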