author | Theo Buehler <tb@cvs.openbsd.org> | 2022-02-22 13:45:10 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2022-02-22 13:45:10 +0000 |
commit | 1e142e153a00aea8764d9868588f3b09f490e2bc (patch) | |
tree | d2d0ce4f8affee8d0e0c570c141dc5fa0eaa7c74 | |
parent | b9d99f02ae95ccda0047bdaf5c89aa387c5ff652 (diff) |
Plug leak in ec_key_create()
EVP_PKEY_set1_EC_KEY() bumps the refcount of eckey, so eckey won't be
freed at the end of keyproc() or acctproc(), which means that secrets
aren't wiped. Move EC_KEY_free() to the out label, so that the refcount
is decremented or the key freed, as appropriate.
tested/ok claudio
-rw-r--r-- | usr.sbin/acme-client/key.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.sbin/acme-client/key.c b/usr.sbin/acme-client/key.c
index 051d1cc33aa..c3374914547 100644
--- a/usr.sbin/acme-client/key.c
+++ b/usr.sbin/acme-client/key.c
@@ -1,4 +1,4 @@
-/* $Id: key.c,v 1.5 2022/02/22 12:38:30 tb Exp $ */
+/* $Id: key.c,v 1.6 2022/02/22 13:45:09 tb Exp $ */
 /*
  * Copyright (c) 2019 Renaud Allard <renaud@allard.it>
  * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -116,10 +116,10 @@ ec_key_create(FILE *f, const char *fname)
  goto out;
 err:
- EC_KEY_free(eckey);
  EVP_PKEY_free(pkey);
  pkey = NULL;
 out:
+ EC_KEY_free(eckey);
  return pkey;
 }
|
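Review bot: The `EC_KEY_free(eckey);` now placed under `out:` also runs on the success path, and nothing at that spot says why freeing a key that was just handed to `pkey` is correct. A one-line comment there, such as `/* pkey took its own reference via EVP_PKEY_set1_EC_KEY(); drop ours so the key is wiped once pkey is freed */`, would keep a later reader from moving the call back under `err:` as an apparent use-after-free and silently reintroducing the unwiped secret. The call also relies on `eckey` being NULL-initialised for any path that reaches `out:` before the key is allocated; the declaration is outside the hunk, so that should be confirmed. The wipe still depends on the callers releasing the returned `pkey`, which the hunk does not show. The body of ec_key_create starts before the hunk.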