Hi,
The BN_to_ASN1_INTEGER method in crypto/asn1/a_int.c leaks memory when a non-null, initialized ASN1_INTEGER object is passed in the 2nd argument. Here is a bug fix patch against openssl-0.9.6d: Regards, Zoltan Index: a_int.c =================================================================== RCS file: /var/cvs/openssl/crypto/asn1/a_int.c,v retrieving revision 1.1.1.1 diff -c -r1.1.1.1 a_int.c *** a_int.c 2002/05/10 20:33:08 1.1.1.1 --- a_int.c 2002/05/25 14:43:45 *************** *** 451,457 **** else ret->type=V_ASN1_INTEGER; j=BN_num_bits(bn); len=((j == 0)?0:((j/8)+1)); ! ret->data=(unsigned char *)OPENSSL_malloc(len+4); ret->length=BN_bn2bin(bn,ret->data); return(ret); err: --- 451,466 ---- else ret->type=V_ASN1_INTEGER; j=BN_num_bits(bn); len=((j == 0)?0:((j/8)+1)); ! if (ret->length < len+4) ! { ! char *new_data=(char *)OPENSSL_realloc(ret->data, len+4); ! if (!new_data) ! { ! ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); ! goto err; ! } ! ret->data=new_data; ! } ret->length=BN_bn2bin(bn,ret->data); return(ret); err: ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]