Hello All, In reviewing code in directory 'crypto/ec', file 'ec_lib.c'', there appears to be allocated memory which is not released when a return 0; is encountered in some cases of OPENSSL_malloc(). The patch file below should address/correct these minor leaks:
--- ec_lib.c.orig 2016-03-08 10:46:45.885643748 -0800
+++ ec_lib.c 2016-03-08 10:53:51.196698596 -0800
@@ -231,8 +231,11 @@
if (src->generator != NULL) {
if (dest->generator == NULL) {
dest->generator = EC_POINT_new(dest);
- if (dest->generator == NULL)
+ if (dest->generator == NULL) {
+ if (dest->mont_data != NULL)
+ BN_MONT_CTX_free(dest->mont_data);
return 0;
+ }
}
if (!EC_POINT_copy(dest->generator, src->generator))
return 0;
@@ -256,7 +259,11 @@
if (src->seed) {
OPENSSL_free(dest->seed);
dest->seed = OPENSSL_malloc(src->seed_len);
- if (dest->seed == NULL)
+ if (dest->seed == NULL) {
+ if (dest->mont_data != NULL)
+ EC_POINT_clear_free(dest->mont_data);
+ if (dest->generator != NULL)
+ EC_POINT_clear_free(dest->generator);
return 0;
if (!memcpy(dest->seed, src->seed, src->seed_len))
return 0;
=======================================================================
Bill Parker (wp02855 at gmail dot com)
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4401
Please log in as guest with password guest if prompted
ec_lib.c.patch
Description: Binary data
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
