Dear,
If I'm correct about this problem, it occurs in several other places where 'lh_OBJ_NAME_insert' is used.

Kind regards,
Marwijn

_____

From: Marwijn Hessel [mailto:marwijn.hes...@altenpts.nl]
Sent: April 16, 2010 11:17
To: 'r...@openssl.org'
Subject: Memory leak in \crypto\objects\o_names.c in method 'OBJ_NAME_add'.
Importance: High

Dear,

In '\crypto\objects\o_names.c' in method 'OBJ_NAME_add' the following is done:

    int OBJ_NAME_add (const char *name, int type, const char *data)
    {
        ...
        onp = (OBJ_NAME *) OPENSSL_malloc(sizeof(OBJ_NAME));
        ...
        ret = lh_OBJ_NAME_insert(names_lh, onp);
        if (ret != NULL)
        {
            ...
        }
        else
        {
            if (lh_OBJ_NAME_error(names_lh))
            {
                /* ERROR */
                return(0);
            }
        }
        return (1);
    }

This should be:

    int OBJ_NAME_add (const char *name, int type, const char *data)
    {
        ...
        onp = (OBJ_NAME *) OPENSSL_malloc(sizeof(OBJ_NAME));
        ...
        ret = lh_OBJ_NAME_insert(names_lh, onp);
        if (ret != NULL)
        {
            ...
        }
        else
        {
            OPENSSL_free(onp); /* free the OBJ_NAME structure */
            /* ERROR */
            return (0);
        }
        return (1);
    }

Explanation:

When the method 'lh_OBJ_NAME_insert' is called it returns, in case of an error, a NULL pointer. The error flag in the names_lh structure is also increased. The method 'OBJ_NAME_add' returns a zero. The allocated memory (the 'onp' pointer) is in this case never released.

Changing the code so that in case of an error the allocated memory is released is in my opinion the correct solution (see example above).

Is my analysis correct?

Kind regards,
Marwijn
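Added example (not part of the original message and not OpenSSL code): a self-contained toy table showing the ownership rule at issue in the report. It assumes an insert that returns NULL both when a new entry is stored and when the insert fails, with an error counter to tell the two apart, as the lh_OBJ_NAME_error check in the quoted code implies; all names here (table_insert, name_add, live_allocs) are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for an lhash table (hypothetical names, not OpenSSL's API):
   insert returns the replaced entry, or NULL for BOTH "new entry stored"
   and "insert failed"; only the error counter tells the two apart. */
typedef struct { const char *name; const char *data; } entry_t;
typedef struct { entry_t *slot[8]; int used; int error; } table_t;

static int live_allocs = 0;          /* outstanding entry_t allocations */

static entry_t *table_insert(table_t *t, entry_t *e) {
    for (int i = 0; i < t->used; i++) {
        if (strcmp(t->slot[i]->name, e->name) == 0) {
            entry_t *old = t->slot[i];
            t->slot[i] = e;
            return old;              /* replaced: caller now owns old */
        }
    }
    if (t->used == 8) { t->error++; return NULL; }  /* failure: e not stored */
    t->slot[t->used++] = e;
    return NULL;                     /* success, nothing replaced */
}

/* Returns 1 on success, 0 on failure; the new entry is never leaked. */
static int name_add(table_t *t, const char *name, const char *data) {
    entry_t *e = malloc(sizeof(*e));
    if (e == NULL) return 0;
    live_allocs++;
    e->name = name; e->data = data;
    int before = t->error;
    entry_t *old = table_insert(t, e);
    if (old != NULL) {               /* an existing entry was replaced */
        free(old); live_allocs--;
    } else if (t->error != before) { /* insert failed: table never took e */
        free(e); live_allocs--;
        return 0;
    }
    return 1;                        /* NULL without error: e is stored */
}

int main(void) {
    table_t t = {0};
    name_add(&t, "sha256", "constructed sample");
    return live_allocs == 1 ? 0 : 1;
}
```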