Hello,
Our UC-KLEE tool found a memory leak in ssl_cert_dup (ssl/ssl_cert.c). The bug
affects commit 43257b9f51de749262258668c77c2f0f99d7a15b from the 1.0.2 branch,
but it appears to date back many years.
On line 222 of ssl/ssl_cert.c, ssl_cert_dup() allocates a new CERT:
    ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
If any of the subsequent allocations or _dup() calls fail, we jump to 'err', which
frees many of the fields within 'ret', but forgets to free 'ret' itself
(leaking 728 bytes on my x86_64 Linux build). I believe there needs to be a
call to:
    OPENSSL_free(ret);
before the 'return NULL' at line 440.
Please let me know if you have any questions.
Thanks,
-David
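As an added illustration (not part of David's report and not OpenSSL's code), the error-path shape of ssl_cert_dup() reduced to a hypothetical two-field container, with an allocation counter that makes the leak visible under an injected allocation failure. cert_t, dup_str and the tracking allocator are stand-ins, not OpenSSL APIs; the buggy and fixed variants differ only in whether the container is released at 'err'.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for CERT: a container that owns two heap fields. */
typedef struct { char *key; char *chain; } cert_t;

/* Allocation counter so the leak is observable without a leak checker. */
static int live_allocs = 0;
static void *tmalloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void tfree(void *p) { if (p) { free(p); live_allocs--; } }

/* Fault injection: when set, the 'chain' dup fails like a failed OPENSSL_malloc. */
static int fail_chain_dup = 0;
static char *dup_str(const char *s, int inject_fail) {
    if (inject_fail || s == NULL) return NULL;
    size_t n = strlen(s) + 1;
    char *p = tmalloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

/* Same control flow as ssl_cert_dup(): free_ret_on_err=0 is the buggy cleanup, 1 the fix. */
static cert_t *cert_dup(const cert_t *src, int free_ret_on_err) {
    cert_t *ret = tmalloc(sizeof(*ret));
    if (ret == NULL) return NULL;
    ret->key = ret->chain = NULL;            /* so 'err' can free fields unconditionally */
    if ((ret->key = dup_str(src->key, 0)) == NULL) goto err;
    if ((ret->chain = dup_str(src->chain, fail_chain_dup)) == NULL) goto err;
    return ret;
err:
    tfree(ret->key);
    tfree(ret->chain);
    if (free_ret_on_err) tfree(ret);         /* the missing OPENSSL_free(ret) */
    return NULL;                             /* without it, 'ret' is lost here */
}
cert_t *cert_dup_buggy(const cert_t *src) { return cert_dup(src, 0); }
cert_t *cert_dup_fixed(const cert_t *src) { return cert_dup(src, 1); }

void cert_free(cert_t *c) { if (c) { tfree(c->key); tfree(c->chain); tfree(c); } }

/* Run one dup under injected failure and report allocations still live (0 = no leak). */
int live_after_failed_dup(cert_t *(*dup)(const cert_t *)) {
    cert_t src = { "constructed-key", "constructed-chain" };   /* constructed sample input */
    live_allocs = 0;
    fail_chain_dup = 1;
    cert_free(dup(&src));        /* dup returns NULL on failure; cert_free tolerates NULL */
    fail_chain_dup = 0;
    return live_allocs;
}
```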
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev