Fix two leaks in BIO_dup_chain()

If CRYPTO_dup_ex_data() fails, the new_bio is leaked. If an error occurs after the first iteration, all members of the new chain except the head are leaked. ok jsing
author: tb <> 2023-08-07 10:58:56 +0000
committer: tb <> 2023-08-07 10:58:56 +0000
commit: 6ebe6a57ddcecac61efec3fa67cdf37275e8dc2a (patch)
tree: 3113b1e10214873923dc86aaf0bcfda072055033 /src
parent: 1ccf3df9215103b31cd58b2f20d04fe2b11b9c37 (diff)
download: openbsd-6ebe6a57ddcecac61efec3fa67cdf37275e8dc2a.tar.gz
openbsd-6ebe6a57ddcecac61efec3fa67cdf37275e8dc2a.tar.bz2
openbsd-6ebe6a57ddcecac61efec3fa67cdf37275e8dc2a.zip
1 files changed, 17 insertions, 19 deletions
diff --git a/src/lib/libcrypto/bio/bio_lib.c b/src/lib/libcrypto/bio/bio_lib.c
index c0a74ee29b..b058af0ade 100644
--- a/src/lib/libcrypto/bio/bio_lib.c
+++ b/src/lib/libcrypto/bio/bio_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_lib.c,v 1.47 2023/07/10 02:33:33 tb Exp $ */
+/* $OpenBSD: bio_lib.c,v 1.48 2023/08/07 10:58:56 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -816,7 +816,8 @@ LCRYPTO_ALIAS(BIO_free_all);
 BIO *
 BIO_dup_chain(BIO *in)
 {
-        BIO *ret = NULL, *eoc = NULL, *bio, *new_bio;
+        BIO *new_chain = NULL, *new_bio = NULL, *tail = NULL;
+        BIO *bio;
        for (bio = in; bio != NULL; bio = bio->next_bio) {
                if ((new_bio = BIO_new(bio->method)) == NULL)
@@ -827,33 +828,30 @@ BIO_dup_chain(BIO *in)
                new_bio->init = bio->init;
                new_bio->shutdown = bio->shutdown;
                new_bio->flags = bio->flags;
-                /* This will let SSL_s_sock() work with stdin/stdout */
                new_bio->num = bio->num;
-                if (!BIO_dup_state(bio, (char *)new_bio)) {
+                if (!BIO_dup_state(bio, new_bio))
-                        BIO_free(new_bio);
                        goto err;
-                }
-                /* copy app data */
                if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO,
                    &new_bio->ex_data, &bio->ex_data))
                        goto err;
-                if (ret == NULL) {
+                if (BIO_push(tail, new_bio) == NULL)
-                        eoc = new_bio;
+                        goto err;
-                        ret = eoc;
-                } else {
+                tail = new_bio;
-                        BIO_push(eoc, new_bio);
+                if (new_chain == NULL)
-                        eoc = new_bio;
+                        new_chain = new_bio;
-                }
        }
-        return (ret);
-err:
-        BIO_free(ret);
-        return (NULL);
+        return new_chain;
+ err:
+        BIO_free(new_bio);
+        BIO_free_all(new_chain);
+        return NULL;
 }
 LCRYPTO_ALIAS(BIO_dup_chain);
author	tb <>	2023-08-07 10:58:56 +0000
committer	tb <>	2023-08-07 10:58:56 +0000
commit	6ebe6a57ddcecac61efec3fa67cdf37275e8dc2a (patch)
tree	3113b1e10214873923dc86aaf0bcfda072055033 /src
parent	1ccf3df9215103b31cd58b2f20d04fe2b11b9c37 (diff)
download	openbsd-6ebe6a57ddcecac61efec3fa67cdf37275e8dc2a.tar.gz openbsd-6ebe6a57ddcecac61efec3fa67cdf37275e8dc2a.tar.bz2 openbsd-6ebe6a57ddcecac61efec3fa67cdf37275e8dc2a.zip

diff --git a/src/lib/libcrypto/bio/bio_lib.c b/src/lib/libcrypto/bio/bio_lib.c index c0a74ee29b..b058af0ade 100644 --- a/src/lib/libcrypto/bio/bio_lib.c +++ b/src/lib/libcrypto/bio/bio_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bio_lib.c,v 1.47 2023/07/10 02:33:33 tb Exp $ */	1	/* $OpenBSD: bio_lib.c,v 1.48 2023/08/07 10:58:56 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -816,7 +816,8 @@ LCRYPTO_ALIAS(BIO_free_all);
816	BIO *	816	BIO *
817	BIO_dup_chain(BIO *in)	817	BIO_dup_chain(BIO *in)
818	{	818	{
819	BIO ret = NULL, eoc = NULL, bio, new_bio;	819	BIO new_chain = NULL, new_bio = NULL, *tail = NULL;
		820	BIO *bio;
820		821
821	for (bio = in; bio != NULL; bio = bio->next_bio) {	822	for (bio = in; bio != NULL; bio = bio->next_bio) {
822	if ((new_bio = BIO_new(bio->method)) == NULL)	823	if ((new_bio = BIO_new(bio->method)) == NULL)
@@ -827,33 +828,30 @@ BIO_dup_chain(BIO *in)
827	new_bio->init = bio->init;	828	new_bio->init = bio->init;
828	new_bio->shutdown = bio->shutdown;	829	new_bio->shutdown = bio->shutdown;
829	new_bio->flags = bio->flags;	830	new_bio->flags = bio->flags;
830
831	/* This will let SSL_s_sock() work with stdin/stdout */
832	new_bio->num = bio->num;	831	new_bio->num = bio->num;
833		832
834	if (!BIO_dup_state(bio, (char *)new_bio)) {	833	if (!BIO_dup_state(bio, new_bio))
835	BIO_free(new_bio);
836	goto err;	834	goto err;
837	}
838		835
839	/* copy app data */
840	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO,	836	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO,
841	&new_bio->ex_data, &bio->ex_data))	837	&new_bio->ex_data, &bio->ex_data))
842	goto err;	838	goto err;
843		839
844	if (ret == NULL) {	840	if (BIO_push(tail, new_bio) == NULL)
845	eoc = new_bio;	841	goto err;
846	ret = eoc;	842
847	} else {	843	tail = new_bio;
848	BIO_push(eoc, new_bio);	844	if (new_chain == NULL)
849	eoc = new_bio;	845	new_chain = new_bio;
850	}
851	}	846	}
852	return (ret);
853	err:
854	BIO_free(ret);
855	return (NULL);
856		847
		848	return new_chain;
		849
		850	err:
		851	BIO_free(new_bio);
		852	BIO_free_all(new_chain);
		853
		854	return NULL;
857	}	855	}
858	LCRYPTO_ALIAS(BIO_dup_chain);	856	LCRYPTO_ALIAS(BIO_dup_chain);
859		857