feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Plug memory leaks

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2020-10-23 19:25:45 +02:00
parent 7df8f2e2bb
commit b528a1a344
8 changed files with 127 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/internal.c
View File

@@ -1854,10 +1854,6 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
wolfSSL_CertManagerFree(ctx->cm);
ctx->cm = NULL;
#ifdef OPENSSL_EXTRA
/* ctx->cm was free'd so cm of x509 store should now be NULL */
if (ctx->x509_store_pt != NULL) {
ctx->x509_store_pt->cm = NULL;
}
wolfSSL_X509_STORE_free(ctx->x509_store_pt);
while (ctx->ca_names != NULL) {
WOLFSSL_STACK *next = ctx->ca_names->next;
@@ -3461,6 +3457,11 @@ void FreeX509(WOLFSSL_X509* x509)
x509->key.pkey = NULL;
}
#endif /* OPENSSL_ALL */
#ifdef WOLFSSL_CERT_REQ
if (x509->challengePwAttr) {
wolfSSL_X509_ATTRIBUTE_free(x509->challengePwAttr);
}
#endif /* WOLFSSL_CERT_REQ */
if (x509->altNames) {
FreeAltNames(x509->altNames, x509->heap);
x509->altNames = NULL;

229
src/ssl.c
View File

@@ -15491,10 +15491,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
ctx->x509_store.cm = str->cm;
/* free existing store if it exists */
if (ctx->x509_store_pt != NULL) {
/* cert manager was free'd a little earlier in this function */
ctx->x509_store_pt->cm = NULL;
}
wolfSSL_X509_STORE_free(ctx->x509_store_pt);
ctx->x509_store.cache = str->cache;
ctx->x509_store_pt = str; /* take ownership of store and free it
@@ -19509,55 +19505,6 @@ WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new(void)
return ret;
}
WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new_values(char* section,
char* name, char* value)
{
WOLFSSL_CONF_VALUE* ret;
int len;
WOLFSSL_ENTER("wolfSSL_CONF_VALUE_new_values");
if (!(ret = wolfSSL_CONF_VALUE_new())) {
WOLFSSL_MSG("wolfSSL_CONF_VALUE_new error");
return NULL;
}
if (section) {
len = XSTRLEN(section);
ret->section = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL);
if (!ret->section) {
WOLFSSL_MSG("malloc error");
wolfSSL_X509V3_conf_free(ret);
return NULL;
}
XMEMCPY(ret->section, section, len+1);
}
if (name) {
len = XSTRLEN(name);
ret->name = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL);
if (!ret->name) {
WOLFSSL_MSG("malloc error");
wolfSSL_X509V3_conf_free(ret);
return NULL;
}
XMEMCPY(ret->name, name, len+1);
}
if (value) {
len = XSTRLEN(value);
ret->value = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL);
if (!ret->value) {
WOLFSSL_MSG("malloc error");
wolfSSL_X509V3_conf_free(ret);
return NULL;
}
XMEMCPY(ret->value, value, len+1);
}
return ret;
}
int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf,
WOLFSSL_CONF_VALUE *section, WOLFSSL_CONF_VALUE *value)
{
@@ -19773,6 +19720,55 @@ WOLFSSL_STACK *wolfSSL_NCONF_get_section(
return NULL;
}
static WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new_values(char* section,
char* name, char* value)
{
WOLFSSL_CONF_VALUE* ret;
int len;
WOLFSSL_ENTER("wolfSSL_CONF_VALUE_new_values");
if (!(ret = wolfSSL_CONF_VALUE_new())) {
WOLFSSL_MSG("wolfSSL_CONF_VALUE_new error");
return NULL;
}
if (section) {
len = XSTRLEN(section);
ret->section = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL);
if (!ret->section) {
WOLFSSL_MSG("malloc error");
wolfSSL_X509V3_conf_free(ret);
return NULL;
}
XMEMCPY(ret->section, section, len+1);
}
if (name) {
len = XSTRLEN(name);
ret->name = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL);
if (!ret->name) {
WOLFSSL_MSG("malloc error");
wolfSSL_X509V3_conf_free(ret);
return NULL;
}
XMEMCPY(ret->name, name, len+1);
}
if (value) {
len = XSTRLEN(value);
ret->value = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL);
if (!ret->value) {
WOLFSSL_MSG("malloc error");
wolfSSL_X509V3_conf_free(ret);
return NULL;
}
XMEMCPY(ret->value, value, len+1);
}
return ret;
}
static char* expandValue(WOLFSSL_CONF *conf, const char* section,
char *str)
{
@@ -20001,7 +19997,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
goto cleanup;
}
if (!(newVal = wolfSSL_CONF_VALUE_new_values(section->section,
if (!(newVal = wolfSSL_CONF_VALUE_new_values(NULL,
name, exValue))) {
WOLFSSL_MSG("wolfSSL_CONF_VALUE_new_values error");
if (exValue != value)
@@ -20089,7 +20085,6 @@ WOLFSSL_STACK *wolfSSL_sk_CONF_VALUE_new(wolf_sk_compare_cb compFunc)
*/
void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk)
{
WOLFSSL_STACK* node;
WOLFSSL_STACK* tmp;
WOLFSSL_ENTER("wolfSSL_sk_CONF_VALUE_free");
@@ -20097,16 +20092,12 @@ void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk)
return;
/* parse through stack freeing each node */
node = sk->next;
while (node) {
tmp = node;
node = node->next;
wolfSSL_X509V3_conf_free(tmp->data.conf);
XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
while (sk) {
tmp = sk->next;
wolfSSL_X509V3_conf_free(sk->data.conf);
XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
sk = tmp;
}
/* free head of stack */
XFREE(sk, NULL, DYNAMIC_TYPE_ASN1);
}
int wolfSSL_sk_CONF_VALUE_num(const WOLFSSL_STACK *sk)
@@ -24355,6 +24346,7 @@ static WOLFSSL_X509* wolfSSL_d2i_X509_X509_REQ_bio(WOLFSSL_BIO* bio,
*x509 = localX509;
}
XFREE(mem, NULL, DYNAMIC_TYPE_OPENSSL);
return localX509;
}
#endif /* !NO_BIO */
@@ -29354,6 +29346,9 @@ void wolfSSL_sk_free(WOLFSSL_STACK* sk)
case STACK_TYPE_OBJ:
wolfSSL_sk_ASN1_OBJECT_free(sk);
break;
case STACK_TYPE_STRING:
wolfSSL_sk_WOLFSSL_STRING_free(sk);
break;
#ifdef OPENSSL_ALL
case STACK_TYPE_X509_INFO:
wolfSSL_sk_X509_INFO_free(sk);
@@ -40155,52 +40150,6 @@ cleanup:
return wolfSSL_X509_sign(x509, ctx->pctx->pkey, wolfSSL_EVP_MD_CTX_md(ctx));
}
/* Converts the x509 name structure into DER format.
*
* out pointer to either a pre setup buffer or a pointer to null for
* creating a dynamic buffer. In the case that a pre-existing buffer is
* used out will be incremented the size of the DER buffer on success.
*
* returns the size of the buffer on success, or negative value with failure
*/
int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
{
CertName cName;
unsigned char buf[256]; /* ASN_MAX_NAME */
int sz;
WOLFSSL_ENTER("wolfSSL_i2d_X509_NAME");
if (out == NULL || name == NULL) {
return BAD_FUNC_ARG;
}
XMEMSET(&cName, 0, sizeof(CertName));
if (CopyX509NameToCertName(name, &cName) != SSL_SUCCESS) {
WOLFSSL_MSG("Error converting x509 name to internal CertName");
return SSL_FATAL_ERROR;
}
sz = SetName(buf, sizeof(buf), &cName);
if (sz < 0) {
return sz;
}
/* using buffer passed in */
if (*out != NULL) {
XMEMCPY(*out, buf, sz);
*out += sz;
}
else {
*out = (unsigned char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL);
if (*out == NULL) {
return MEMORY_E;
}
XMEMCPY(*out, buf, sz);
}
return sz;
}
#endif /* WOLFSSL_CERT_GEN */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
@@ -41587,8 +41536,6 @@ err:
name->entry[loc].set = 0;
return ret;
}
#endif /* !NO_CERTS */
/* NID variables are dependent on compatibility header files currently
*
@@ -42863,7 +42810,6 @@ WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x,
#endif /* !NO_BIO */
#endif /* NO_DSA */
#endif /* OPENSSL_EXTRA */
#endif /* WOLFCRYPT_ONLY */
#if defined(OPENSSL_EXTRA)
@@ -47389,32 +47335,6 @@ int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject)
return X509_V_OK;
}
char* wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* strings,
int idx)
{
for (; idx > 0 && strings != NULL; idx--)
strings = strings->next;
if (strings == NULL)
return NULL;
return strings->data.string;
}
#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
{
WOLFSSL_ENTER("wolfSSL_X509_dup");
if (x == NULL) {
WOLFSSL_MSG("Error: NULL certificate passed in");
return NULL;
}
return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length);
}
WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void)
{
WOLF_STACK_OF(WOLFSSL_STRING)* ret = wolfSSL_sk_new_node(NULL);
@@ -47426,6 +47346,23 @@ WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void)
return ret;
}
void wolfSSL_sk_WOLFSSL_STRING_free(WOLF_STACK_OF(WOLFSSL_STRING)* sk)
{
WOLFSSL_STACK* tmp;
WOLFSSL_ENTER("wolfSSL_sk_WOLFSSL_STRING_free");
if (sk == NULL)
return;
/* parse through stack freeing each node */
while (sk) {
tmp = sk->next;
XFREE(sk->data.string, NULL, DYNAMIC_TYPE_OPENSSL);
XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
sk = tmp;
}
}
WOLFSSL_STRING wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* strings,
int idx)
{
@@ -47444,6 +47381,20 @@ int wolfSSL_sk_WOLFSSL_STRING_num(WOLF_STACK_OF(WOLFSSL_STRING)* strings)
}
#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
{
WOLFSSL_ENTER("wolfSSL_X509_dup");
if (x == NULL) {
WOLFSSL_MSG("Error: NULL certificate passed in");
return NULL;
}
return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length);
}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
#ifdef HAVE_ALPN

24
tests/api.c
View File

@@ -25933,7 +25933,7 @@ static void test_wolfSSL_X509_check_private_key(void)
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
defined(USE_CERT_BUFFERS_2048)
X509* x509;
EVP_PKEY* pkey;
EVP_PKEY* pkey = NULL;
const byte* key;
printf(testingFmt, "wolfSSL_X509_check_private_key()");
@@ -25946,6 +25946,7 @@ static void test_wolfSSL_X509_check_private_key(void)
&key, (long)sizeof_client_key_der_2048));
AssertIntEQ(X509_check_private_key(x509, pkey), 1);
EVP_PKEY_free(pkey);
pkey = NULL;
/* Check with wrong key */
key = server_key_der_2048;
@@ -27698,10 +27699,10 @@ static void test_wolfSSL_PKCS7_certs(void)
if (i == 0) {
PKCS7_free(p7);
/* Reset certs to force p7 to regenerate them */
((WOLFSSL_PKCS7*)p7)->certs = NULL;
AssertNotNull(d2i_PKCS7(&p7, &p, buflen));
/* p7 free's the certs */
/* Reset certs to force wolfSSL_PKCS7_to_stack to regenerate them */
((WOLFSSL_PKCS7*)p7)->certs = NULL;
/* PKCS7_free free's the certs */
AssertNotNull(wolfSSL_PKCS7_to_stack(p7));
}
@@ -27746,6 +27747,7 @@ static void test_wolfSSL_X509_STORE_CTX(void)
X509_STORE_CTX_set_error(NULL, -5);
X509_STORE_CTX_free(ctx);
sk_X509_free(sk);
X509_STORE_free(str);
X509_free(x509);
@@ -27774,7 +27776,8 @@ static void test_wolfSSL_X509_STORE_CTX(void)
X509_STORE_free(str);
/* CTX certs not freed yet */
X509_free(x5092);
/* sk2 freed as part of X509_STORE_CTX_free(), sk3 is dup so free here */
sk_X509_free(sk);
/* sk3 is dup so free here */
sk_X509_free(sk3);
#endif
@@ -29682,7 +29685,6 @@ static void test_wolfSSL_X509_sign(void)
#endif
EVP_MD_CTX_free(mctx);
X509_NAME_free(name);
EVP_PKEY_free(priv);
EVP_PKEY_free(pub);
X509_free(x509);
@@ -29839,6 +29841,7 @@ static void test_wolfSSL_X509_PUBKEY(void)
X509_PUBKEY_free(pubKey2);
X509_free(x509);
EVP_PKEY_free(evpKey);
printf(resultFmt, passed);
#endif
@@ -34963,6 +34966,7 @@ static void test_wolfSSL_TXT_DB(void)
"unknown",
"/CN=rsa doe",
};
char** fields_copy;
printf(testingFmt, "wolfSSL_TXT_DB");
@@ -34970,7 +34974,10 @@ static void test_wolfSSL_TXT_DB(void)
AssertNotNull(bio = BIO_new(BIO_s_file()));
AssertIntGT(BIO_read_filename(bio, "./tests/TXT_DB.txt"), 0);
AssertNotNull(db = TXT_DB_read(bio, columns));
AssertIntEQ(TXT_DB_insert(db, (WOLFSSL_STRING*)fields), 1);
AssertNotNull(fields_copy = (char**)XMALLOC(sizeof(fields), NULL,
DYNAMIC_TYPE_OPENSSL));
XMEMCPY(fields_copy, fields, sizeof(fields));
AssertIntEQ(TXT_DB_insert(db, fields_copy), 1);
BIO_free(bio);
/* Test write */
@@ -38178,6 +38185,7 @@ static void test_wolfSSL_d2i_X509_REQ(void)
X509_free(req);
BIO_free(bio);
EVP_PKEY_free(pub_key);
}
{
AssertNotNull(bio = BIO_new_file(csrPopFile, "rb"));
@@ -38200,6 +38208,7 @@ static void test_wolfSSL_d2i_X509_REQ(void)
X509_free(req);
BIO_free(bio);
EVP_PKEY_free(pub_key);
}
{
AssertNotNull(bio = BIO_new_file(csrDsaFile, "rb"));
@@ -38217,6 +38226,7 @@ static void test_wolfSSL_d2i_X509_REQ(void)
X509_free(req);
BIO_free(bio);
EVP_PKEY_free(pub_key);
}
}

1
wolfcrypt/src/evp.c
View File

@@ -1904,6 +1904,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
WOLFSSL_MSG("wolfSSL_EC_KEY_new error");
return WOLFSSL_FAILURE;
}
to->ownEcc = 1;
to->ecc->group->curve_idx = from->ecc->group->curve_idx;
to->ecc->group->curve_nid = from->ecc->group->curve_nid;
to->ecc->group->curve_oid = from->ecc->group->curve_oid;

14
wolfcrypt/src/pkcs7.c
View File

@@ -2442,7 +2442,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
ret = wc_PKCS7_SignedDataBuildSignature(pkcs7, flatSignedAttribs,
flatSignedAttribsSz, esd);
if (ret < 0) {
if (pkcs7->signedAttribsSz != 0)
if (flatSignedAttribs)
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
#ifdef WOLFSSL_SMALL_STACK
XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2507,7 +2507,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
/* if using header/footer, we are not returning the content */
if (output2 && output2Sz) {
if (total2Sz > *output2Sz) {
if (pkcs7->signedAttribsSz != 0)
if (flatSignedAttribs)
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
#ifdef WOLFSSL_SMALL_STACK
XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2530,7 +2530,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
}
if (totalSz > *outputSz) {
if (pkcs7->signedAttribsSz != 0)
if (flatSignedAttribs)
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
#ifdef WOLFSSL_SMALL_STACK
XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2543,7 +2543,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
}
if (output == NULL) {
if (pkcs7->signedAttribsSz != 0)
if (flatSignedAttribs)
XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
#ifdef WOLFSSL_SMALL_STACK
XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -4915,9 +4915,15 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf,
if (ret == 0) {
byte isDynamic = pkcs7->isDynamic;
#ifndef NO_PKCS7_STREAM
PKCS7State* stream = pkcs7->stream;
pkcs7->stream = NULL;
#endif
/* Free pkcs7 resources but not the structure itself */
pkcs7->isDynamic = 0;
wc_PKCS7_Free(pkcs7);
pkcs7->isDynamic = isDynamic;
/* This will reset PKCS7 structure and then set the
* certificate */
ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz);

4
wolfcrypt/src/srp.c
View File

@@ -325,12 +325,14 @@ int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size)
if (!srp || !username)
return BAD_FUNC_ARG;
srp->user = (byte*)XMALLOC(size, srp->heap, DYNAMIC_TYPE_SRP);
/* +1 for NULL char */
srp->user = (byte*)XMALLOC(size + 1, srp->heap, DYNAMIC_TYPE_SRP);
if (srp->user == NULL)
return MEMORY_E;
srp->userSz = size;
XMEMCPY(srp->user, username, srp->userSz);
srp->user[size] = '\0';
return 0;
}

2
wolfssl/openssl/conf.h
View File

@@ -50,8 +50,6 @@ typedef WOLFSSL_CONF_VALUE CONF_VALUE;
typedef WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS;
WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new(void);
WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new_values(char* section,
char* name, char* value);
WOLFSSL_API int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf,
WOLFSSL_CONF_VALUE *section, WOLFSSL_CONF_VALUE *value);
WOLFSSL_API void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val);

1
wolfssl/ssl.h
View File

@@ -3939,6 +3939,7 @@ WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer,
WOLFSSL_X509 *subject);
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void);
WOLFSSL_API void wolfSSL_sk_WOLFSSL_STRING_free(WOLF_STACK_OF(WOLFSSL_STRING)* sk);
WOLFSSL_API WOLFSSL_STRING wolfSSL_sk_WOLFSSL_STRING_value(
WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx);
WOLFSSL_API int wolfSSL_sk_WOLFSSL_STRING_num(