wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

memory handling fixes

Browse Source
This commit is contained in:
JacobBarthelmeh
2020-06-19 10:08:42 -07:00
parent 1e431e1ade
commit b88342eeaf
3 changed files with 56 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/crl.c
View File

@ -526,6 +526,7 @@ static RevokedCert *DupRevokedCertList(RevokedCert* in, void* heap)
prev->next = tmp;
if (head == NULL)
head = tmp;
prev = tmp;
}
else {
WOLFSSL_MSG("Failed to allocate new RevokedCert structure");
@ -619,6 +620,17 @@ static CRL_Entry* DupCRL_list(CRL_Entry* crl, void* heap)
head = tmp;
if (prev != NULL)
prev->next = tmp;
prev = tmp;
}
else {
WOLFSSL_MSG("Failed to allocate new CRL_Entry structure");
/* free up any existing list */
while (head != NULL) {
current = head;
head = head->next;
FreeCRL_Entry(current, heap);
}
return NULL;
}
current = current->next;
}
@ -635,10 +647,6 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dup, const WOLFSSL_X509_CRL* crl)
return BAD_FUNC_ARG;
}
dup->crlList = DupCRL_list(crl->crlList, dup->heap);
#ifdef HAVE_CRL_IO
dup->crlIOCb = crl->crlIOCb;
#endif
if (crl->monitors[0].path) {
int pathSz = (int)XSTRLEN(crl->monitors[0].path) + 1;
dup->monitors[0].path = (char*)XMALLOC(pathSz, dup->heap,
@ -646,6 +654,9 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dup, const WOLFSSL_X509_CRL* crl)
if (dup->monitors[0].path != NULL) {
XSTRNCPY(dup->monitors[0].path, crl->monitors[0].path, pathSz);
}
else {
return MEMORY_E;
}
}
if (crl->monitors[1].path) {
@ -655,8 +666,20 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dup, const WOLFSSL_X509_CRL* crl)
if (dup->monitors[1].path != NULL) {
XSTRNCPY(dup->monitors[1].path, crl->monitors[1].path, pathSz);
}
else {
if (dup->monitors[0].path != NULL) {
XFREE(dup->monitors[0].path, dup->heap,
DYNAMIC_TYPE_CRL_MONITOR);
}
return MEMORY_E;
}
}
dup->crlList = DupCRL_list(crl->crlList, dup->heap);
#ifdef HAVE_CRL_IO
dup->crlIOCb = crl->crlIOCb;
#endif
return 0;
}

23
src/ssl.c
View File

@ -22764,11 +22764,15 @@ err_exit:
void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
{
if (store != NULL && store->isDynamic) {
if (store->cm != NULL)
if (store->cm != NULL) {
wolfSSL_CertManagerFree(store->cm);
store->cm = NULL;
}
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
if (store->param != NULL)
if (store->param != NULL) {
XFREE(store->param, NULL, DYNAMIC_TYPE_OPENSSL);
store->param = NULL;
}
#endif
XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
}
@ -22893,23 +22897,18 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
}
/* free's own cert chain holding and extra data */
void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
{
WOLFSSL_ENTER("X509_STORE_CTX_free");
if (ctx != NULL) {
#if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT)
if (ctx->store != NULL)
wolfSSL_X509_STORE_free(ctx->store);
#ifndef WOLFSSL_KEEP_STORE_CERTS
if (ctx->current_cert != NULL)
wolfSSL_FreeX509(ctx->current_cert);
#endif
#endif /* !OPENSSL_ALL && !WOLFSSL_QT */
#ifdef OPENSSL_EXTRA
#ifdef OPENSSL_EXTRA
wolfSSL_sk_free(ctx->chain);
if (ctx->param != NULL){
XFREE(ctx->param,NULL,DYNAMIC_TYPE_OPENSSL);
ctx->param = NULL;
}
#endif
#endif
XFREE(ctx, NULL, DYNAMIC_TYPE_X509_CTX);
}
}

42
tests/api.c
View File

@ -22085,10 +22085,8 @@ static void test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
X509_free(issuer);
X509_STORE_CTX_free(ctx);
#if defined(WOLFSSL_KEEP_STORE_CERTS) || defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
X509_free(x509Svr);
X509_STORE_free(str);
#endif
X509_free(x509Svr);
X509_STORE_free(str);
X509_free(x509Ca);
printf(resultFmt, passed);
@ -22130,10 +22128,8 @@ static void test_wolfSSL_X509_STORE_CTX(void)
#ifdef OPENSSL_ALL
sk_X509_free(sk);
#endif
#if defined(WOLFSSL_KEEP_STORE_CERTS) || defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
X509_STORE_free(str);
X509_free(x509);
#endif
AssertNotNull(ctx = X509_STORE_CTX_new());
X509_STORE_CTX_set_verify_cb(ctx, verify_cb);
@ -22158,11 +22154,9 @@ static void test_wolfSSL_X509_STORE_CTX(void)
AssertIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */
X509_STORE_CTX_free(ctx);
sk_X509_free(sk);
#if defined(WOLFSSL_KEEP_STORE_CERTS) || defined(WOLFSSL_QT)
X509_STORE_free(str);
/* CTX certs not freed yet */
X509_free(x5092);
#endif
/* sk2 freed as part of X509_STORE_CTX_free(), sk3 is dup so free here */
sk_X509_free(sk3);
#endif
@ -22354,9 +22348,7 @@ static void test_wolfSSL_X509_STORE_CTX_get0_store(void)
wolfSSL_X509_STORE_CTX_free(ctx);
wolfSSL_X509_STORE_CTX_free(ctx_no_init);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
X509_STORE_free(store);
#endif
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
@ -22563,7 +22555,7 @@ static void test_wolfSSL_X509_STORE(void)
#ifdef HAVE_CRL
X509_STORE_CTX *storeCtx;
X509_CRL *crl;
X509 *x509;
X509 *ca, *cert;
const char crlPem[] = "./certs/crl/crl.revoked";
const char srvCert[] = "./certs/server-revoked-cert.pem";
const char caCert[] = "./certs/ca-cert.pem";
@ -22571,22 +22563,24 @@ static void test_wolfSSL_X509_STORE(void)
printf(testingFmt, "test_wolfSSL_X509_STORE");
AssertNotNull(store = (X509_STORE *)X509_STORE_new());
AssertNotNull((x509 = wolfSSL_X509_load_certificate_file(caCert,
AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS);
AssertNotNull((x509 = wolfSSL_X509_load_certificate_file(srvCert,
AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
SSL_FILETYPE_PEM)));
AssertNotNull((storeCtx = X509_STORE_CTX_new()));
AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, x509, NULL), SSL_SUCCESS);
AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
AssertIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS);
X509_STORE_free(store);
X509_STORE_CTX_free(storeCtx);
X509_free(x509);
X509_free(cert);
X509_free(ca);
/* should fail to verify now after adding in CRL */
AssertNotNull(store = (X509_STORE *)X509_STORE_new());
AssertNotNull((x509 = wolfSSL_X509_load_certificate_file(caCert,
AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS);
AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
fp = XFOPEN(crlPem, "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
@ -22595,14 +22589,16 @@ static void test_wolfSSL_X509_STORE(void)
AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS);
AssertNotNull((storeCtx = X509_STORE_CTX_new()));
AssertNotNull((x509 = wolfSSL_X509_load_certificate_file(srvCert,
AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, x509, NULL), SSL_SUCCESS);
AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
AssertIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS);
AssertIntEQ(X509_STORE_CTX_get_error(storeCtx), CRL_CERT_REVOKED);
X509_free(x509);
X509_STORE_CTX_free(storeCtx);
X509_CRL_free(crl);
X509_STORE_free(store);
X509_STORE_CTX_free(storeCtx);
X509_free(cert);
X509_free(ca);
#endif /* HAVE_CRL */
@ -23797,10 +23793,8 @@ static void test_wolfSSL_X509(void)
X509_STORE_CTX_free(ctx);
#if defined(WOLFSSL_KEEP_STORE_CERTS) || defined(WOLFSSL_QT)
X509_STORE_free(store);
X509_free(x509);
#endif
BIO_free(bio);
/** d2i_X509_fp test **/