I ran make which regenerated the objects, thanks for pointing that out, I attached an updated patch without the change.
--- Kurt Cancemi https://www.x64architecture.com On Thu, Aug 28, 2014 at 12:41 PM, Kurt Roeckx <k...@roeckx.be> wrote: > On Thu, Aug 28, 2014 at 03:11:14PM +0200, Kurt Cancemi via RT wrote: >> The attached updated patch fixes a style error. > > I still have a bunch of other patches like this to go thru, but > did a quick look at this, and at least this looks weird: > >> --- a/crypto/objects/obj_xref.h >> +++ b/crypto/objects/obj_xref.h >> @@ -54,8 +54,8 @@ static const nid_triple sigoid_srt[] = >> static const nid_triple * const sigoid_srt_xref[] = >> { >> &sigoid_srt[29], >> - &sigoid_srt[17], >> &sigoid_srt[18], >> + &sigoid_srt[17], >> &sigoid_srt[0], >> &sigoid_srt[1], >> &sigoid_srt[7], > > Can you explain that? > > > Kurt > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org
From e5ec6311b407e52e096ad0197814e77176b4c9f9 Mon Sep 17 00:00:00 2001 From: Kurt Cancemi <k...@x64architecture.com> Date: Thu, 28 Aug 2014 13:48:39 -0400 Subject: [PATCH] Fix memory leaks. --- crypto/asn1/x_x509a.c | 21 ++++++++++++++++----- crypto/ec/ec_ameth.c | 1 + crypto/ec/ec_mult.c | 1 + crypto/ec/ecp_mont.c | 7 +++++-- crypto/pkcs7/pk7_smime.c | 1 + crypto/x509/x509_trs.c | 2 ++ crypto/x509/x509_vfy.c | 1 + crypto/x509v3/pcy_data.c | 4 ++++ crypto/x509v3/pcy_tree.c | 3 +++ 9 files changed, 34 insertions(+), 7 deletions(-) diff --git a/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c index 03a9c45..ec3da38 100644 --- a/crypto/asn1/x_x509a.c +++ b/crypto/asn1/x_x509a.c @@ -159,12 +159,23 @@ int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj) int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj) { X509_CERT_AUX *aux; - ASN1_OBJECT *objtmp; - if(!(objtmp = OBJ_dup(obj))) return 0; - if(!(aux = aux_get(x))) return 0; - if(!aux->reject - && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0; + ASN1_OBJECT *objtmp = NULL; + if (obj) + { + objtmp = OBJ_dup(obj); + if (!objtmp) + return 0; + } + if(!(aux = aux_get(x))) + goto err; + if(!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null())) + goto err; return sk_ASN1_OBJECT_push(aux->reject, objtmp); + + err: + if (objtmp) + ASN1_OBJECT_free(objtmp); + return 0; } void X509_trust_clear(X509 *x) diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index a149bf6..15e86c4 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -387,6 +387,7 @@ static int ec_bits(const EVP_PKEY *pkey) group = EC_KEY_get0_group(pkey->pkey.ec); if (!EC_GROUP_get_order(group, order, NULL)) { + BN_free(order); ERR_clear_error(); return 0; } diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index fb693c3..3b23c5d 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -535,6 +535,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (numblocks > pre_comp->numblocks) { ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + OPENSSL_free(tmp_wNAF); goto err; } totalnum = num + numblocks; diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c index 232ae34..2735957 100644 --- a/crypto/ec/ecp_mont.c +++ b/crypto/ec/ecp_mont.c @@ -229,8 +229,11 @@ int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM * } one = BN_new(); if (one == NULL) goto err; - if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err; - + if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) + { + BN_free(one); + goto err; + } group->field_data1 = mont; mont = NULL; group->field_data2 = one; diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index a5104f8..9024ce8 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -364,6 +364,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, if (tmpin == NULL) { PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); + sk_X509_free(signers); return 0; } } diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 3d7e068..5781573 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -206,10 +206,12 @@ int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), if(idx == -1) { if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) { X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); + OPENSSL_free(trtmp); return 0; } if (!sk_X509_TRUST_push(trtable, trtmp)) { X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); + OPENSSL_free(trtmp); return 0; } } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 85aa113..ae4fff9 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -353,6 +353,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) x = xtmp; if (!sk_X509_push(ctx->chain,x)) { + sk_X509_free(sktmp); X509_free(xtmp); X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); return 0; diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c index 3444b03..2bb5868 100644 --- a/crypto/x509v3/pcy_data.c +++ b/crypto/x509v3/pcy_data.c @@ -99,7 +99,11 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, id = NULL; ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA)); if (!ret) + { + if (id) + ASN1_OBJECT_free(id); return NULL; + } ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); if (!ret->expected_policy_set) { diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 47b1bf8..f8658ba 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -684,7 +684,10 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, { tree->user_policies = sk_X509_POLICY_NODE_new_null(); if (!tree->user_policies) + { + OPENSSL_free(node); return 1; + } } if (!sk_X509_POLICY_NODE_push(tree->user_policies, node)) return 0; -- 2.1.0