From a57916bb77bc748d39d546df8b878e9f84fe5de8 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Tue, 9 Apr 2024 13:56:00 +0000
Subject: Plug leaks in ASN1_TIME_set_string_internal()
This API can be called with s == NULL, in which case the tm_to_*()
functions helpfully allocate a new s and then leak. This is a rather
ugly fix to make portable ASAN regress happy again, the better fix
will be to rewrite the tm_to_*() functions and adjust their callers.
That is more intrusive and will be done in a later pass.
ok bcook jsing
---
src/lib/libcrypto/asn1/a_time_tm.c | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
(limited to 'src')
diff --git a/src/lib/libcrypto/asn1/a_time_tm.c b/src/lib/libcrypto/asn1/a_time_tm.c
index c8eabec08f..16b9df2584 100644
--- a/src/lib/libcrypto/asn1/a_time_tm.c
+++ b/src/lib/libcrypto/asn1/a_time_tm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_time_tm.c,v 1.34 2024/04/08 19:57:40 beck Exp $ */
+/* $OpenBSD: a_time_tm.c,v 1.35 2024/04/09 13:56:00 tb Exp $ */
/*
* Copyright (c) 2015 Bob Beck <beck@openbsd.org>
*
@@ -344,21 +344,32 @@ ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode)
static int
ASN1_TIME_set_string_internal(ASN1_TIME *s, const char *str, int mode)
{
+ ASN1_TIME *atime = s;
struct tm tm;
int type;
+ int ret = 0;
if ((type = ASN1_time_parse(str, strlen(str), &tm, mode)) == -1)
return (0);
- switch(mode) {
+ switch (mode) {
case V_ASN1_UTCTIME:
- return (type == mode && tm_to_utctime(&tm, s) != NULL);
+ ret = (type == mode && (atime = tm_to_utctime(&tm, s)) != NULL);
+ break;
case V_ASN1_GENERALIZEDTIME:
- return (type == mode && tm_to_gentime(&tm, s) != NULL);
+ ret = (type == mode && (atime = tm_to_gentime(&tm, s)) != NULL);
+ break;
case RFC5280:
- return (tm_to_rfc5280_time(&tm, s) != NULL);
+ ret = ((atime = tm_to_rfc5280_time(&tm, s)) != NULL);
+ break;
default:
- return (0);
+ ret = 0;
+ break;
}
+
+ if (atime != s)
+ ASN1_TIME_free(atime);
+
+ return ret;
}
static ASN1_TIME *
--
cgit v1.2.3-55-g6feb