From 7d2a03f8c97e0c2e86d73dac479ab4ec1e3cd57b Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Sat, 21 Jul 2018 10:08:17 +0900 Subject: [PATCH] OBJ_obj2nid memory leak --- src/ssl.c | 35 +++++++++++++++++++++-------------- tests/api.c | 17 +++++++---------- wolfssl/ssl.h | 2 ++ 3 files changed, 30 insertions(+), 24 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index c703bdc32..8c50069d6 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15499,14 +15499,14 @@ void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj) return; } - if (obj->dynamic == 1) { - if (obj->obj != NULL) { - WOLFSSL_MSG("Freeing ASN1 OBJECT data"); - XFREE(obj->obj, obj->heap, DYNAMIC_TYPE_ASN1); - } + if ((obj->obj != NULL) && ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0)) { + WOLFSSL_MSG("Freeing ASN1 data"); + XFREE(obj->obj, obj->heap, DYNAMIC_TYPE_ASN1); } - - XFREE(obj, NULL, DYNAMIC_TYPE_ASN1); + if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) != 0) { + WOLFSSL_MSG("Freeing ASN1 OBJECT"); + XFREE(obj, NULL, DYNAMIC_TYPE_ASN1); + } } @@ -28473,7 +28473,8 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) } if ((ret = wc_RsaKeyToPublicDer((RsaKey *)rsa->internal, der, derLen)) < 0){ WOLFSSL_MSG("RsaKeyToPublicDer failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if(der != NULL) + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } if((pp != NULL) && (ret >= 0)) @@ -30180,10 +30181,13 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); return NULL; } + obj->dynamic = WOLFSSL_ASN1_DYNAMIC; + } else { + obj->dynamic = 0; } obj->type = id; obj->grp = type; - obj->dynamic = 1; + XMEMCPY(obj->sName, (char*)sName, XSTRLEN((char*)sName)); objBuf[0] = ASN_OBJECT_ID; objSz++; @@ -30191,11 +30195,14 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) XMEMCPY(objBuf + objSz, oid, oidSz); objSz += oidSz; obj->objSz = objSz; - - obj->obj = (byte*)XMALLOC(obj->objSz, NULL, DYNAMIC_TYPE_ASN1); - if (obj->obj == NULL) { - wolfSSL_ASN1_OBJECT_free(obj); - return NULL; + if(((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) != 0) || + (((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) == 0) && (obj->obj == NULL))) { + obj->obj = (byte*)XMALLOC(obj->objSz, NULL, DYNAMIC_TYPE_ASN1); + if (obj->obj == NULL) { + wolfSSL_ASN1_OBJECT_free(obj); + return NULL; + } + obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA ; } XMEMCPY(obj->obj, objBuf, obj->objSz); diff --git a/tests/api.c b/tests/api.c index e257eaad1..3a1922c99 100644 --- a/tests/api.c +++ b/tests/api.c @@ -14989,7 +14989,7 @@ static void test_wc_PKCS7_EncodeSignedData_ex(void) int certSz, keySz; fp = XFOPEN("./certs/client-ecc-cert.der", "rb"); - AssertTrue(fp != BADFILE); + AssertTrue(fp != XBADFILE); certSz = XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp); XFCLOSE(fp); @@ -18552,29 +18552,28 @@ static void test_wolfSSL_OBJ(void) for (i = 0; f[i] != NULL; i++) { - printf("file=%s\n", f[i]); AssertTrue((fp = XFOPEN(f[i], "r")) != XBADFILE); AssertNotNull(x509 = d2i_X509_fp(fp, NULL)); + XFCLOSE(fp); AssertNotNull(x509Name = X509_get_issuer_name(x509)); AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0); AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL); for (j = 0; j < numNames; j++) { - AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j)); + AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j)); AssertNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry)); AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0); - printf("nid=%d\n", nid); - //ASN1_OBJECT_free(asn1Name); } BIO_free(bio); X509_free(x509); - XFCLOSE(fp); + ASN1_OBJECT_free(asn1Name); } for (i = 0; p12_f[i] != NULL; i++) { AssertTrue((fp = XFOPEN(p12_f[i], "r")) != XBADFILE); AssertNotNull(p12 = d2i_PKCS12_fp(fp, NULL)); + XFCLOSE(fp); AssertTrue((boolRet = PKCS12_parse(p12, "wolfSSL test", &pkey, &x509, NULL)) > 0); AssertNotNull((x509Name = X509_get_issuer_name(x509)) != NULL); AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0); @@ -18585,12 +18584,10 @@ static void test_wolfSSL_OBJ(void) AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j)); AssertNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry)); AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0); - printf("nid=%d\n", nid); - //ASN1_OBJECT_free(asn1Name); } BIO_free(bio); X509_free(x509); - XFCLOSE(fp); + ASN1_OBJECT_free(asn1Name); } printf(resultFmt, passed); @@ -19262,7 +19259,7 @@ static void test_wolfSSL_RSA_DER(void) AssertIntEQ(i2d_RSAPublicKey(rsa, &buff), pub[i].sz); AssertNotNull(buff); AssertIntEQ(0, memcmp((void *)buff, (void *)pub[i].der, pub[i].sz)); - free((void *)buff); + XFREE((void *)buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); RSA_free(rsa); } diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index c05d85314..25f304597 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -220,6 +220,8 @@ struct WOLFSSL_ASN1_OBJECT { int nid; unsigned int objSz; unsigned char dynamic; /* if 1 then obj was dynamiclly created, 0 otherwise */ + #define WOLFSSL_ASN1_DYNAMIC 0x1 + #define WOLFSSL_ASN1_DYNAMIC_DATA 0x2 struct d { /* derefrenced */ WOLFSSL_ASN1_STRING ia5_internal; WOLFSSL_ASN1_STRING* ia5; /* points to ia5_internal */