summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2020-11-18 17:54:47 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2020-11-18 17:54:47 +0000
commit8248dbc97d416cd7e047cc4fb8ed2e1bb189a459 (patch)
tree8f68985a349714763cf00e5e40082a6098715e93
parent9a304f6ebc2246db0ee614d3ba63a7c2c6eb3e28 (diff)
Plug leak in x509_verify_chain_dup()
x509_verify_chain_new() allocates a few members of a certificate chain: an empty stack of certificates, a list of errors encountered while validating the chain, and a list of name constraints. The function to copy a chain would allocate a new chain using x509_verify_chain_new() and then clobber its members by copies of the old chain. Fix this by replacing x509_verify_chain_new() with calloc(). Found by review while investigating the report by Hanno Zysik who found the same leak using valgrind. This is a cleaner version of my initial fix from jsing. ok jsing
-rw-r--r--lib/libcrypto/x509/x509_verify.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c
index 76cc70a2040..59a8a1e5b68 100644
--- a/lib/libcrypto/x509/x509_verify.c
+++ b/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.23 2020/11/18 17:13:55 tb Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.24 2020/11/18 17:54:46 tb Exp $ */
/*
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
*
@@ -86,7 +86,7 @@ x509_verify_chain_dup(struct x509_verify_chain *chain)
{
struct x509_verify_chain *new_chain;
- if ((new_chain = x509_verify_chain_new()) == NULL)
+ if ((new_chain = calloc(1, sizeof(*chain))) == NULL)
goto err;
if ((new_chain->certs = X509_chain_up_ref(chain->certs)) == NULL)
goto err;