The code in apps/req.c will use the variable out for both the key and the csr outfile.
This causes a memory leak because if both a private key and a csr is written the variable is re-used without freeing it. See attached patch. (This could also be fixed by using a different var for both files, could be considered more consistent, but I decided to use a less invasive patch that just needs to add a single line.) Please apply patch. -- Hanno Böck http://hboeck.de/ mail/jabber: [email protected] GPG: BBB51E42
--- a/apps/req.c 2015-05-25 14:54:22.131858356 +0200
+++ b/apps/req.c 2015-05-25 15:15:01.999814984 +0200
@@ -612,6 +612,7 @@
}
goto end;
}
+ BIO_free(out);
BIO_printf(bio_err, "-----\n");
}
pgpRoQkvMoFB_.pgp
Description: PGP signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
