Re: acme-client: plug leak in ec_key_create()

[Claudio Jeker]

On Tue, Feb 22, 2022 at 02:01:26PM +0100, Theo Buehler wrote:
> EVP_PKEY_set1_EC_KEY() bumps eckey's refcount (that's what "set1" means),
> so eckey isn't freed when pkey is freed at the end of keyproc() or
> acctproc() (which means that secret data isn't wiped). Moving the
> freeing of eckey to the end of ec_key_create() decrements the refcount
> again which should fix this.
> 
> I don't currently have an easy way to test this, so I would appreciate
> if someone could try this.

I agree with the diff and tested this with a ecdsa domain key. No problem
found. OK claudio@
 
> Index: key.c
> ===
> RCS file: /cvs/src/usr.sbin/acme-client/key.c,v
> retrieving revision 1.5
> diff -u -p -r1.5 key.c
> --- key.c 22 Feb 2022 12:38:30 -  1.5
> +++ key.c 22 Feb 2022 12:51:32 -
> @@ -116,10 +116,10 @@ ec_key_create(FILE *f, const char *fname
>   goto out;
>  
>  err:
> - EC_KEY_free(eckey);
>   EVP_PKEY_free(pkey);
>   pkey = NULL;
>  out:
> + EC_KEY_free(eckey);
>   return pkey;
>  }
>  
> 

-- 
:wq Claudio

acme-client: plug leak in ec_key_create()

[Theo Buehler]

EVP_PKEY_set1_EC_KEY() bumps eckey's refcount (that's what "set1" means),
so eckey isn't freed when pkey is freed at the end of keyproc() or
acctproc() (which means that secret data isn't wiped). Moving the
freeing of eckey to the end of ec_key_create() decrements the refcount
again which should fix this.

I don't currently have an easy way to test this, so I would appreciate
if someone could try this.

Index: key.c
===
RCS file: /cvs/src/usr.sbin/acme-client/key.c,v
retrieving revision 1.5
diff -u -p -r1.5 key.c
--- key.c   22 Feb 2022 12:38:30 -  1.5
+++ key.c   22 Feb 2022 12:51:32 -
@@ -116,10 +116,10 @@ ec_key_create(FILE *f, const char *fname
goto out;
 
 err:
-   EC_KEY_free(eckey);
EVP_PKEY_free(pkey);
pkey = NULL;
 out:
+   EC_KEY_free(eckey);
return pkey;
 }