mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 12:02:28 +02:00
openssl: fix EVP_PKEY_CTX memory leak
A context allocated with EVP_PKEY_CTX_new_id() must ultimately be freed by EVP_PKEY_CTX_free(). Failing to do so will result in a memory leak. This bug was discovered using GCC with "-fsanitize=address". Signed-off-by: Antonio Quartulli <antonio@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20210405080007.1665-1-a@unstable.cc> URL: https://www.mail-archive.com/search?l=mid&q=20210405080007.1665-1-a@unstable.cc Signed-off-by: Gert Doering <gert@greenie.muc.de>
parent
165cda3169
commit
24e58164b8
@ -1125,37 +1125,41 @@ bool
|
|||||||
ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret,
|
ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret,
|
||||||
int secret_len, uint8_t *output, int output_len)
|
int secret_len, uint8_t *output, int output_len)
|
||||||
{
|
{
|
||||||
|
bool ret = false;
|
||||||
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
|
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
|
||||||
if (!EVP_PKEY_derive_init(pctx))
|
if (!EVP_PKEY_derive_init(pctx))
|
||||||
{
|
{
|
||||||
return false;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_md5_sha1()))
|
if (!EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_md5_sha1()))
|
||||||
{
|
{
|
||||||
return false;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, secret, secret_len))
|
if (!EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, secret, secret_len))
|
||||||
{
|
{
|
||||||
return false;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seed_len))
|
if (!EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seed_len))
|
||||||
{
|
{
|
||||||
return false;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
size_t out_len = output_len;
|
size_t out_len = output_len;
|
||||||
if (!EVP_PKEY_derive(pctx, output, &out_len))
|
if (!EVP_PKEY_derive(pctx, output, &out_len))
|
||||||
{
|
{
|
||||||
return false;
|
goto out;
|
||||||
}
|
}
|
||||||
if (out_len != output_len)
|
if (out_len != output_len)
|
||||||
{
|
{
|
||||||
return false;
|
goto out;
|
||||||
}
|
}
|
||||||
return true;
|
ret = true;
|
||||||
|
out:
|
||||||
|
EVP_PKEY_CTX_free(pctx);
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
#else /* if OPENSSL_VERSION_NUMBER >= 0x10100000L */
|
#else /* if OPENSSL_VERSION_NUMBER >= 0x10100000L */
|
||||||
/*
|
/*
|
||||||
|
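Review bot: In ssl_tls1_PRF the result of EVP_PKEY_CTX_new_id() is passed straight to EVP_PKEY_derive_init() without a NULL check, and every step is tested with `!`, which only catches a return of 0. OpenSSL documents these EVP_PKEY calls as returning 0 or a negative value on failure, so a negative return (for example when the context is NULL or TLS1-PRF is unavailable) would pass each check. Because `out_len` is preset to `output_len`, the function could then set `ret = true` without having written any key material to `output`. I would add `if (!pctx) { goto out; }` right after the allocation, which is safe with the new cleanup path since EVP_PKEY_CTX_free() accepts NULL. I would also write the five checks as `<= 0`, e.g. `if (EVP_PKEY_derive_init(pctx) <= 0)`.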