From 55e64e549e2ba5234b327630d22faf48d66de9ee Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 18 Nov 2020 17:54:46 +0000
Subject: Plug leak in x509_verify_chain_dup()

x509_verify_chain_new() allocates a few members of a certificate chain: an empty stack of certificates, a list of errors encountered while validating the chain, and a list of name constraints. The function to copy a chain would allocate a new chain using x509_verify_chain_new() and then clobber its members by copies of the old chain. Fix this by replacing x509_verify_chain_new() with calloc(). Found by review while investigating the report by Hanno Zysik who found the same leak using valgrind. This is a cleaner version of my initial fix from jsing. ok jsing
---
src/lib/libcrypto/x509/x509_verify.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index 76cc70a204..59a8a1e5b6 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.23 2020/11/18 17:13:55 tb Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.24 2020/11/18 17:54:46 tb Exp $ */
 /*
 * Copyright (c) 2020 Bob Beck
 *
@@ -86,7 +86,7 @@ x509_verify_chain_dup(struct x509_verify_chain *chain)
 {
 struct x509_verify_chain *new_chain;
- if ((new_chain = x509_verify_chain_new()) == NULL)
+ if ((new_chain = calloc(1, sizeof(*chain))) == NULL)
 goto err;
 if ((new_chain->certs = X509_chain_up_ref(chain->certs)) == NULL)
 goto err;
-- 
cgit v1.2.3-55-g6feb
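Review bot: The new allocation in x509_verify_chain_dup() takes its size from the source argument, `calloc(1, sizeof(*chain))`, where `calloc(1, sizeof(*new_chain))` would tie the size to the pointer being assigned and stay correct if the two declarations ever diverge. Nothing at the call site records why the constructor is deliberately avoided, so a comment such as `/* Not x509_verify_chain_new(): its members would be overwritten below and leak. */` would keep a later cleanup from reintroducing the leak. Because the struct now starts zeroed, each `goto err` reaches the cleanup with some members still NULL; the `err` label is outside this hunk, so it is worth confirming that the free path tolerates NULL fields. That matters because this copy presumably runs during validation of certificate chains that come from a peer. The function body continues past the end of the hunk.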