wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4632 from julek-wolfssl/PrintPubKeyEC-leak

Browse Source 
`a` and `key` were not being freed => leak in `PrintPubKeyEC`
This commit is contained in:
Kaleb Himes
2021-12-07 07:20:05 -07:00
committed by GitHub
parent 9f6aa36866 574d171357
commit 96daf2bede
2 changed files with 23 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
wolfcrypt/src/evp.c
View File

@@ -8178,13 +8178,14 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
char line[32] = { 0 }; char line[32] = { 0 };
(void)pctx; (void)pctx;
if( mp_init(&a) != 0) { if (mp_init(&a) != 0) {
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
if (indent < 0) { if (indent < 0) {
indent = 0; indent = 0;
} }
if (indent > EVP_PKEY_PRINT_INDENT_MAX) { else if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
indent = EVP_PKEY_PRINT_INDENT_MAX; indent = EVP_PKEY_PRINT_INDENT_MAX;
} }
@@ -8214,9 +8215,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
} }
if (res == WOLFSSL_SUCCESS) { if (res == WOLFSSL_SUCCESS) {
pub = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER); pub = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
if (pub == NULL) { if (pub != NULL) {
return WOLFSSL_FAILURE;
}
pubSz = ECC_BUFSIZE; pubSz = ECC_BUFSIZE;
XMEMSET(pub, 0, ECC_BUFSIZE); XMEMSET(pub, 0, ECC_BUFSIZE);
@@ -8224,6 +8223,10 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
res = wc_ecc_export_x963(&key, pub, &pubSz) == 0; res = wc_ecc_export_x963(&key, pub, &pubSz) == 0;
PRIVATE_KEY_LOCK(); PRIVATE_KEY_LOCK();
} }
else {
res = WOLFSSL_FAILURE;
}
}
if (res == WOLFSSL_SUCCESS) { if (res == WOLFSSL_SUCCESS) {
idx = 0; idx = 0;
res = Indent(out, indent) >= 0; res = Indent(out, indent) >= 0;
@@ -8294,6 +8297,9 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
pub = NULL; pub = NULL;
} }
wc_ecc_free(&key);
mp_free(&a);
return res; return res;
} }
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */

8
wolfcrypt/src/integer.c
View File

@@ -183,7 +183,13 @@ void mp_clear (mp_int * a)
return; return;
/* only do anything if a hasn't been freed previously */ /* only do anything if a hasn't been freed previously */
if (a->dp != NULL) { #ifndef HAVE_WOLF_BIGINT
/* When HAVE_WOLF_BIGINT then mp_free -> wc_bigint_free needs to be called
* because a->raw->buf may be allocated even when a->dp == NULL. This is the
* case for when a zero is loaded into the mp_int. */
if (a->dp != NULL)
#endif
{
/* first zero the digits */ /* first zero the digits */
for (i = 0; i < a->used; i++) { for (i = 0; i < a->used; i++) {
a->dp[i] = 0; a->dp[i] = 0;