Plug a big memory leak in the new validator - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2020-11-18 17:40:42 +0000
committer	tb <>	2020-11-18 17:40:42 +0000
commit	fa7f97be6a425fa454c92d146ea0a205a46da2a0 (patch)
tree	5cfa5758bf11e0b6fd7af75ce23fb2828bf6879e /src/regress/lib/libssl/client/clienttest.c
parent	644cb0c3bf194db22125d9f1f2bb4fbdad279d65 (diff)
download	openbsd-fa7f97be6a425fa454c92d146ea0a205a46da2a0.tar.gz openbsd-fa7f97be6a425fa454c92d146ea0a205a46da2a0.tar.bz2 openbsd-fa7f97be6a425fa454c92d146ea0a205a46da2a0.zip

Plug a big memory leak in the new validator

The legacy validator would only call x509_vfy_check_policy() once at the very end after cobbling together a chain. Therefore it didn't matter that X509_policy_check() always allocates a new tree on top of the one that might have been passed in. This is in stark contrast to other, similar APIs in this code base. The new validator calls this function several times over while building its chains. This adds up to a sizable leak in the new validator. Reported with a reproducer by Hanno Zysik on github, who also bisected this to the commit enabling the new validator. Narrowed down to x509_vfy_check_policy() by jsing. We simultaenously came up with a functionally identical fix. ok jsing

Diffstat (limited to 'src/regress/lib/libssl/client/clienttest.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: