STORE is an experimental API that isn't used in 1.0.2 (or any earlier series). For the next major version, the STORE API is being entirely rewritten. Please stay tuned.
In the mean time, I'll simply close this ticket, Vid Ons, 11 Nov 2015 kl. 04.15.16, skrev [email protected]: > Hello! > > I work with openssl 1.0.2d, and I found a memory leak in > STORE_store_private_key() function (defined in crypto/store/str_lib.c). > Here is a code fragment: > > 465:int STORE_store_private_key(STORE *s, EVP_PKEY *data, > 466: OPENSSL_ITEM attributes[], > 467: OPENSSL_ITEM parameters[]) > 468:{ > 469: STORE_OBJECT *object; > 470: int i; > 471: > 472: check_store(s, STORE_F_STORE_STORE_PRIVATE_KEY, > 473: store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); > 474: > 475: object = STORE_OBJECT_new(); > 476: if (!object) { > 477: STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE); > 478: return 0; > 479: } > 480: object->data.key = EVP_PKEY_new(); > 481: if (!object->data.key) { > 482: STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE); > 483: return 0; > 484: } > 485: > 486: CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY); > 487:#ifdef REF_PRINT > 488: REF_PRINT("EVP_PKEY", data); > 489:#endif > 490: object->data.key = data; > > At line 480 pointer to newly allocated key object is stored in > 'object->data.key' variable. > At line 490 variable 'object->data.key' is overwritten with new value. So, > memory allocated at line 480 will never be freed. -- Richard Levitte [email protected] _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
