author | Theo Buehler <tb@cvs.openbsd.org> | 2020-11-18 17:54:47 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2020-11-18 17:54:47 +0000 |
commit | 8248dbc97d416cd7e047cc4fb8ed2e1bb189a459 (patch) | |
tree | 8f68985a349714763cf00e5e40082a6098715e93 /lib/libcrypto/x509/x509_verify.c | |
parent | 9a304f6ebc2246db0ee614d3ba63a7c2c6eb3e28 (diff) |
Plug leak in x509_verify_chain_dup()
x509_verify_chain_new() allocates a few members of a certificate chain:
an empty stack of certificates, a list of errors encountered while
validating the chain, and a list of name constraints. The function to
copy a chain would allocate a new chain using x509_verify_chain_new()
and then clobber its members by copies of the old chain. Fix this by
replacing x509_verify_chain_new() with calloc().
Found by review while investigating the report by Hanno Zysik who
found the same leak using valgrind. This is a cleaner version of
my initial fix from jsing.
ok jsing
Diffstat (limited to 'lib/libcrypto/x509/x509_verify.c')
-rw-r--r-- | lib/libcrypto/x509/x509_verify.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c index 76cc70a2040..59a8a1e5b68 100644 --- a/lib/libcrypto/x509/x509_verify.c +++ b/lib/libcrypto/x509/x509_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_verify.c,v 1.23 2020/11/18 17:13:55 tb Exp $ */ +/* $OpenBSD: x509_verify.c,v 1.24 2020/11/18 17:54:46 tb Exp $ */ /* * Copyright (c) 2020 Bob Beck <beck@openbsd.org> * @@ -86,7 +86,7 @@ x509_verify_chain_dup(struct x509_verify_chain *chain) { struct x509_verify_chain *new_chain; - if ((new_chain = x509_verify_chain_new()) == NULL) + if ((new_chain = calloc(1, sizeof(*chain))) == NULL) goto err; if ((new_chain->certs = X509_chain_up_ref(chain->certs)) == NULL) goto err; |
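Review bot: In the x509_verify_chain_dup() hunk, `calloc(1, sizeof(*chain))` takes its size from the source argument rather than from the pointer being assigned. Both are `struct x509_verify_chain *`, so the size is correct today, but `sizeof(*new_chain)` is the usual idiom and stays right if the two types ever diverge. Separately, since calloc leaves every member NULL until it is copied, the `err` path (outside the visible context) now has to handle a partly populated chain, for example when `X509_chain_up_ref(chain->certs)` fails on the first copy; worth confirming that the cleanup there tolerates NULL members.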