fix a memory leak reported by Qualys Security.

move the bndec variable in tighter since it's not used elsewhere in the loop, then always free it after use. ok bcook miod
author: tedu <> 2015-10-14 21:12:10 +0000
committer: tedu <> 2015-10-14 21:12:10 +0000
commit: e8ea76a11af489c64a364323e8d0402a41f9cb90 (patch)
tree: 59b9f9081751de94c448846f2284d7525502494e /src
parent: b94124f8caf871e87767ee543513ae2e02968268 (diff)
download: openbsd-e8ea76a11af489c64a364323e8d0402a41f9cb90.tar.gz
openbsd-e8ea76a11af489c64a364323e8d0402a41f9cb90.tar.bz2
openbsd-e8ea76a11af489c64a364323e8d0402a41f9cb90.zip
2 files changed, 8 insertions, 6 deletions
diff --git a/src/lib/libcrypto/objects/obj_dat.c b/src/lib/libcrypto/objects/obj_dat.c
index 82ebb9b1d2..dab860d85c 100644
--- a/src/lib/libcrypto/objects/obj_dat.c
+++ b/src/lib/libcrypto/objects/obj_dat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: obj_dat.c,v 1.32 2015/10/14 21:02:08 beck Exp $ */
+/* $OpenBSD: obj_dat.c,v 1.33 2015/10/14 21:12:10 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -491,7 +491,6 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 {
        int i, ret = 0, len, nid, first = 1, use_bn;
        BIGNUM *bl = NULL;
-        char *bndec = NULL;
        unsigned long l;
        const unsigned char *p;
@@ -567,10 +566,13 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
                }
                if (use_bn) {
+                        char *bndec;
                        bndec = BN_bn2dec(bl);
                        if (!bndec)
                                goto err;
                        i = snprintf(buf, buf_len, ".%s", bndec);
+                        free(bndec);
                        if (i == -1)
                                goto err;
                        if (i >= buf_len) {
@@ -598,7 +600,6 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
        }
 out:
-        free(bndec);
        BN_free(bl);
        return ret;
diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.c b/src/lib/libssl/src/crypto/objects/obj_dat.c
index 82ebb9b1d2..dab860d85c 100644
--- a/src/lib/libssl/src/crypto/objects/obj_dat.c
+++ b/src/lib/libssl/src/crypto/objects/obj_dat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: obj_dat.c,v 1.32 2015/10/14 21:02:08 beck Exp $ */
+/* $OpenBSD: obj_dat.c,v 1.33 2015/10/14 21:12:10 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -491,7 +491,6 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 {
        int i, ret = 0, len, nid, first = 1, use_bn;
        BIGNUM *bl = NULL;
-        char *bndec = NULL;
        unsigned long l;
        const unsigned char *p;
@@ -567,10 +566,13 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
                }
                if (use_bn) {
+                        char *bndec;
                        bndec = BN_bn2dec(bl);
                        if (!bndec)
                                goto err;
                        i = snprintf(buf, buf_len, ".%s", bndec);
+                        free(bndec);
                        if (i == -1)
                                goto err;
                        if (i >= buf_len) {
@@ -598,7 +600,6 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
        }
 out:
-        free(bndec);
        BN_free(bl);
        return ret;
author	tedu <>	2015-10-14 21:12:10 +0000
committer	tedu <>	2015-10-14 21:12:10 +0000
commit	e8ea76a11af489c64a364323e8d0402a41f9cb90 (patch)
tree	59b9f9081751de94c448846f2284d7525502494e /src
parent	b94124f8caf871e87767ee543513ae2e02968268 (diff)
download	openbsd-e8ea76a11af489c64a364323e8d0402a41f9cb90.tar.gz openbsd-e8ea76a11af489c64a364323e8d0402a41f9cb90.tar.bz2 openbsd-e8ea76a11af489c64a364323e8d0402a41f9cb90.zip