wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 11:17:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

memory handling fixes

Browse Source
This commit is contained in:
JacobBarthelmeh
2020-06-19 10:08:42 -07:00
parent 1e431e1ade
commit b88342eeaf
3 changed files with 56 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/crl.c
View File

@@ -526,6 +526,7 @@ static RevokedCert *DupRevokedCertList(RevokedCert* in, void* heap)
prev->next = tmp; prev->next = tmp;
if (head == NULL) if (head == NULL)
head = tmp; head = tmp;
prev = tmp;
} }
else { else {
WOLFSSL_MSG("Failed to allocate new RevokedCert structure"); WOLFSSL_MSG("Failed to allocate new RevokedCert structure");
@@ -619,6 +620,17 @@ static CRL_Entry* DupCRL_list(CRL_Entry* crl, void* heap)
head = tmp; head = tmp;
if (prev != NULL) if (prev != NULL)
prev->next = tmp; prev->next = tmp;
prev = tmp;
}
else {
WOLFSSL_MSG("Failed to allocate new CRL_Entry structure");
/* free up any existing list */
while (head != NULL) {
current = head;
head = head->next;
FreeCRL_Entry(current, heap);
}
return NULL;
} }
current = current->next; current = current->next;
} }
@@ -635,10 +647,6 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dup, const WOLFSSL_X509_CRL* crl)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
dup->crlList = DupCRL_list(crl->crlList, dup->heap);
#ifdef HAVE_CRL_IO
dup->crlIOCb = crl->crlIOCb;
#endif
if (crl->monitors[0].path) { if (crl->monitors[0].path) {
int pathSz = (int)XSTRLEN(crl->monitors[0].path) + 1; int pathSz = (int)XSTRLEN(crl->monitors[0].path) + 1;
dup->monitors[0].path = (char*)XMALLOC(pathSz, dup->heap, dup->monitors[0].path = (char*)XMALLOC(pathSz, dup->heap,
@@ -646,6 +654,9 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dup, const WOLFSSL_X509_CRL* crl)
if (dup->monitors[0].path != NULL) { if (dup->monitors[0].path != NULL) {
XSTRNCPY(dup->monitors[0].path, crl->monitors[0].path, pathSz); XSTRNCPY(dup->monitors[0].path, crl->monitors[0].path, pathSz);
} }
else {
return MEMORY_E;
}
} }
if (crl->monitors[1].path) { if (crl->monitors[1].path) {
@@ -655,8 +666,20 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dup, const WOLFSSL_X509_CRL* crl)
if (dup->monitors[1].path != NULL) { if (dup->monitors[1].path != NULL) {
XSTRNCPY(dup->monitors[1].path, crl->monitors[1].path, pathSz); XSTRNCPY(dup->monitors[1].path, crl->monitors[1].path, pathSz);
} }
else {
if (dup->monitors[0].path != NULL) {
XFREE(dup->monitors[0].path, dup->heap,
DYNAMIC_TYPE_CRL_MONITOR);
}
return MEMORY_E;
}
} }
dup->crlList = DupCRL_list(crl->crlList, dup->heap);
#ifdef HAVE_CRL_IO
dup->crlIOCb = crl->crlIOCb;
#endif
return 0; return 0;
} }

23
src/ssl.c
View File

@@ -22764,11 +22764,15 @@ err_exit:
void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
{ {
if (store != NULL && store->isDynamic) { if (store != NULL && store->isDynamic) {
if (store->cm != NULL) if (store->cm != NULL) {
wolfSSL_CertManagerFree(store->cm); wolfSSL_CertManagerFree(store->cm);
store->cm = NULL;
}
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
if (store->param != NULL) if (store->param != NULL) {
XFREE(store->param, NULL, DYNAMIC_TYPE_OPENSSL); XFREE(store->param, NULL, DYNAMIC_TYPE_OPENSSL);
store->param = NULL;
}
#endif #endif
XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE); XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
} }
@@ -22893,23 +22897,18 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
} }
/* free's own cert chain holding and extra data */
void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx) void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
{ {
WOLFSSL_ENTER("X509_STORE_CTX_free"); WOLFSSL_ENTER("X509_STORE_CTX_free");
if (ctx != NULL) { if (ctx != NULL) {
#if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT) #ifdef OPENSSL_EXTRA
if (ctx->store != NULL) wolfSSL_sk_free(ctx->chain);
wolfSSL_X509_STORE_free(ctx->store);
#ifndef WOLFSSL_KEEP_STORE_CERTS
if (ctx->current_cert != NULL)
wolfSSL_FreeX509(ctx->current_cert);
#endif
#endif /* !OPENSSL_ALL && !WOLFSSL_QT */
#ifdef OPENSSL_EXTRA
if (ctx->param != NULL){ if (ctx->param != NULL){
XFREE(ctx->param,NULL,DYNAMIC_TYPE_OPENSSL); XFREE(ctx->param,NULL,DYNAMIC_TYPE_OPENSSL);
ctx->param = NULL;
} }
#endif #endif
XFREE(ctx, NULL, DYNAMIC_TYPE_X509_CTX); XFREE(ctx, NULL, DYNAMIC_TYPE_X509_CTX);
} }
} }

42
tests/api.c
View File

@@ -22085,10 +22085,8 @@ static void test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
X509_free(issuer); X509_free(issuer);
X509_STORE_CTX_free(ctx); X509_STORE_CTX_free(ctx);
#if defined(WOLFSSL_KEEP_STORE_CERTS) || defined(OPENSSL_ALL) || defined(WOLFSSL_QT) X509_free(x509Svr);
X509_free(x509Svr); X509_STORE_free(str);
X509_STORE_free(str);
#endif
X509_free(x509Ca); X509_free(x509Ca);
printf(resultFmt, passed); printf(resultFmt, passed);
@@ -22130,10 +22128,8 @@ static void test_wolfSSL_X509_STORE_CTX(void)
#ifdef OPENSSL_ALL #ifdef OPENSSL_ALL
sk_X509_free(sk); sk_X509_free(sk);
#endif #endif
#if defined(WOLFSSL_KEEP_STORE_CERTS) || defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
X509_STORE_free(str); X509_STORE_free(str);
X509_free(x509); X509_free(x509);
#endif
AssertNotNull(ctx = X509_STORE_CTX_new()); AssertNotNull(ctx = X509_STORE_CTX_new());
X509_STORE_CTX_set_verify_cb(ctx, verify_cb); X509_STORE_CTX_set_verify_cb(ctx, verify_cb);
@@ -22158,11 +22154,9 @@ static void test_wolfSSL_X509_STORE_CTX(void)
AssertIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */ AssertIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */
X509_STORE_CTX_free(ctx); X509_STORE_CTX_free(ctx);
sk_X509_free(sk); sk_X509_free(sk);
#if defined(WOLFSSL_KEEP_STORE_CERTS) || defined(WOLFSSL_QT)
X509_STORE_free(str); X509_STORE_free(str);
/* CTX certs not freed yet */ /* CTX certs not freed yet */
X509_free(x5092); X509_free(x5092);
#endif
/* sk2 freed as part of X509_STORE_CTX_free(), sk3 is dup so free here */ /* sk2 freed as part of X509_STORE_CTX_free(), sk3 is dup so free here */
sk_X509_free(sk3); sk_X509_free(sk3);
#endif #endif
@@ -22354,9 +22348,7 @@ static void test_wolfSSL_X509_STORE_CTX_get0_store(void)
wolfSSL_X509_STORE_CTX_free(ctx); wolfSSL_X509_STORE_CTX_free(ctx);
wolfSSL_X509_STORE_CTX_free(ctx_no_init); wolfSSL_X509_STORE_CTX_free(ctx_no_init);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
X509_STORE_free(store); X509_STORE_free(store);
#endif
printf(resultFmt, passed); printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
@@ -22563,7 +22555,7 @@ static void test_wolfSSL_X509_STORE(void)
#ifdef HAVE_CRL #ifdef HAVE_CRL
X509_STORE_CTX *storeCtx; X509_STORE_CTX *storeCtx;
X509_CRL *crl; X509_CRL *crl;
X509 *x509; X509 *ca, *cert;
const char crlPem[] = "./certs/crl/crl.revoked"; const char crlPem[] = "./certs/crl/crl.revoked";
const char srvCert[] = "./certs/server-revoked-cert.pem"; const char srvCert[] = "./certs/server-revoked-cert.pem";
const char caCert[] = "./certs/ca-cert.pem"; const char caCert[] = "./certs/ca-cert.pem";
@@ -22571,22 +22563,24 @@ static void test_wolfSSL_X509_STORE(void)
printf(testingFmt, "test_wolfSSL_X509_STORE"); printf(testingFmt, "test_wolfSSL_X509_STORE");
AssertNotNull(store = (X509_STORE *)X509_STORE_new()); AssertNotNull(store = (X509_STORE *)X509_STORE_new());
AssertNotNull((x509 = wolfSSL_X509_load_certificate_file(caCert, AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
SSL_FILETYPE_PEM))); SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS); AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
AssertNotNull((x509 = wolfSSL_X509_load_certificate_file(srvCert, AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
SSL_FILETYPE_PEM))); SSL_FILETYPE_PEM)));
AssertNotNull((storeCtx = X509_STORE_CTX_new())); AssertNotNull((storeCtx = X509_STORE_CTX_new()));
AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, x509, NULL), SSL_SUCCESS); AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
AssertIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS); AssertIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS);
X509_STORE_free(store);
X509_STORE_CTX_free(storeCtx); X509_STORE_CTX_free(storeCtx);
X509_free(x509); X509_free(cert);
X509_free(ca);
/* should fail to verify now after adding in CRL */ /* should fail to verify now after adding in CRL */
AssertNotNull(store = (X509_STORE *)X509_STORE_new()); AssertNotNull(store = (X509_STORE *)X509_STORE_new());
AssertNotNull((x509 = wolfSSL_X509_load_certificate_file(caCert, AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
SSL_FILETYPE_PEM))); SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS); AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
fp = XFOPEN(crlPem, "rb"); fp = XFOPEN(crlPem, "rb");
AssertTrue((fp != XBADFILE)); AssertTrue((fp != XBADFILE));
AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
@@ -22595,14 +22589,16 @@ static void test_wolfSSL_X509_STORE(void)
AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS); AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS);
AssertNotNull((storeCtx = X509_STORE_CTX_new())); AssertNotNull((storeCtx = X509_STORE_CTX_new()));
AssertNotNull((x509 = wolfSSL_X509_load_certificate_file(srvCert, AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
SSL_FILETYPE_PEM))); SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, x509, NULL), SSL_SUCCESS); AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
AssertIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS); AssertIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS);
AssertIntEQ(X509_STORE_CTX_get_error(storeCtx), CRL_CERT_REVOKED); AssertIntEQ(X509_STORE_CTX_get_error(storeCtx), CRL_CERT_REVOKED);
X509_free(x509);
X509_STORE_CTX_free(storeCtx);
X509_CRL_free(crl); X509_CRL_free(crl);
X509_STORE_free(store);
X509_STORE_CTX_free(storeCtx);
X509_free(cert);
X509_free(ca);
#endif /* HAVE_CRL */ #endif /* HAVE_CRL */
@@ -23797,10 +23793,8 @@ static void test_wolfSSL_X509(void)
X509_STORE_CTX_free(ctx); X509_STORE_CTX_free(ctx);
#if defined(WOLFSSL_KEEP_STORE_CERTS) || defined(WOLFSSL_QT)
X509_STORE_free(store); X509_STORE_free(store);
X509_free(x509); X509_free(x509);
#endif
BIO_free(bio); BIO_free(bio);
/** d2i_X509_fp test **/ /** d2i_X509_fp test **/