Plug a big memory leak in the new validator - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2020-11-18 17:40:42 +0000
committer	tb <>	2020-11-18 17:40:42 +0000
commit	c67f3c9390fc29f3f4e97751c76c023f647bc9ec (patch)
tree	5cfa5758bf11e0b6fd7af75ce23fb2828bf6879e /src/regress/lib/libssl/client/clienttest.c
parent	39533a204dedf2e29d621dfe9a9f4e24657fdafd (diff)
download	openbsd-c67f3c9390fc29f3f4e97751c76c023f647bc9ec.tar.gz openbsd-c67f3c9390fc29f3f4e97751c76c023f647bc9ec.tar.bz2 openbsd-c67f3c9390fc29f3f4e97751c76c023f647bc9ec.zip

Plug a big memory leak in the new validator

The legacy validator would only call x509_vfy_check_policy() once at the very end after cobbling together a chain. Therefore it didn't matter that X509_policy_check() always allocates a new tree on top of the one that might have been passed in. This is in stark contrast to other, similar APIs in this code base. The new validator calls this function several times over while building its chains. This adds up to a sizable leak in the new validator. Reported with a reproducer by Hanno Zysik on github, who also bisected this to the commit enabling the new validator. Narrowed down to x509_vfy_check_policy() by jsing. We simultaenously came up with a functionally identical fix. ok jsing

Diffstat (limited to 'src/regress/lib/libssl/client/clienttest.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: