openssl/crypto/x509
Bernd Edlinger e9007e0979 Fix a memory leak in crl_set_issuers
This can be reproduced with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
    #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
    #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
    #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
    #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
    #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
    #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
    #6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
    #7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
    #8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    #9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
    #11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
    #12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
    #15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    #18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
    #19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    #21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    #22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
    #23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
    #24 0x402bbb in testfile fuzz/test-corpus.c:182
    #25 0x402626 in main fuzz/test-corpus.c:226
    #26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #27 0x402706  (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)

=================================================================
==29625==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
    #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
    #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
    #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
    #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
    #7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    #8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    #9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
    #10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
    #11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
    #12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
    #13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    #14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
    #16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
    #17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
    #20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    #23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
    #24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    #26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    #27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
    #28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
    #29 0x402bbb in testfile fuzz/test-corpus.c:182
    #30 0x402626 in main fuzz/test-corpus.c:226
    #31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18391)
2022-05-25 13:04:09 +02:00
build.info x509_trs.c: rename to x509_trust.c and correct comment in trust_compat() 2021-06-08 07:47:18 +02:00
by_dir.c Update copyright year 2022-05-03 13:34:51 +01:00
by_file.c Update copyright year 2021-05-20 14:22:33 +01:00
by_store.c Make the -inform option to be respected if possible 2021-05-06 11:43:32 +01:00
ext_dat.h Update copyright year 2021-04-08 13:04:41 +01:00
pcy_cache.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
pcy_data.c Update copyright year 2021-04-08 13:04:41 +01:00
pcy_lib.c Fix safestack issues in x509v3.h 2020-09-13 11:09:45 +01:00
pcy_local.h Update copyright year 2021-04-08 13:04:41 +01:00
pcy_map.c Update copyright year 2021-04-08 13:04:41 +01:00
pcy_node.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
pcy_tree.c Add ossl_ symbol to x509 policy 2021-03-18 17:52:37 +10:00
standard_exts.h Update copyright year 2021-04-08 13:04:41 +01:00
t_crl.c Update copyright year 2021-05-06 13:03:23 +01:00
t_req.c Add X509 version constants. 2021-04-28 11:40:06 +02:00
t_x509.c Update copyright year 2022-05-03 13:34:51 +01:00
v3_addr.c x509: remove TODOs 2021-06-02 16:30:15 +10:00
v3_admis.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
v3_admis.h
v3_akeya.c
v3_akid.c Update copyright year 2022-05-03 13:34:51 +01:00
v3_asid.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_bcons.c x509: remove TODOs 2021-06-02 16:30:15 +10:00
v3_bitst.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_conf.c Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
v3_cpols.c Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
v3_crld.c Update copyright year 2022-05-03 13:34:51 +01:00
v3_enum.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_extku.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_genn.c Correctly compare EdiPartyName in GENERAL_NAME_cmp() 2020-12-08 10:16:50 +00:00
v3_ia5.c Add more negative checks for integers passed to OPENSSL_malloc(). 2021-04-16 12:10:08 +10:00
v3_info.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_int.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_ist.c Update copyright year 2022-05-03 13:34:51 +01:00
v3_lib.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
v3_ncons.c Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
v3_pci.c Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
v3_pcia.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
v3_pcons.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_pku.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_pmaps.c Update copyright year 2021-04-08 13:04:41 +01:00
v3_prn.c Fix safestack issues in conf.h 2020-09-13 11:11:20 +01:00
v3_purp.c Improve the documentation of cert path building and validation 2021-06-08 07:47:41 +02:00
v3_san.c X509V3_set_ctx(): Clarify subject/req parameter for constructing SAN email addresses from subject DN 2021-12-07 15:14:49 +01:00
v3_skid.c X509V3_set_ctx(): Clarify use of subject/req parameter for constructing SKID by hash of pubkey 2021-12-07 15:13:26 +01:00
v3_sxnet.c Update copyright year 2022-05-03 13:34:51 +01:00
v3_tlsf.c Update copyright year 2022-05-03 13:34:51 +01:00
v3_utf8.c Update copyright year 2022-05-03 13:34:51 +01:00
v3_utl.c Update copyright year 2022-05-03 13:34:51 +01:00
v3err.c Update copyright year 2022-05-03 13:34:51 +01:00
x509_att.c Update copyright year 2021-04-08 13:04:41 +01:00
x509_cmp.c Fix a memory leak in X509_issuer_and_serial_hash 2022-05-24 11:52:46 +02:00
x509_d2.c Rename OPENSSL_CTX prefix to OSSL_LIB_CTX 2020-10-15 11:59:53 +01:00
x509_def.c
x509_err.c Update copyright year 2021-06-17 13:24:59 +01:00
x509_ext.c
x509_local.h Update copyright year 2021-04-08 13:04:41 +01:00
x509_lu.c X509{,_LOOKUP}: Improve distinction between not found and fatal/internal error 2022-05-04 16:25:44 +02:00
x509_meth.c Update copyright year 2020-11-26 14:18:57 +00:00
x509_obj.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
x509_r2x.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
x509_req.c Fix usages of const EVP_MD. 2021-03-22 15:40:04 +01:00
x509_set.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
x509_trust.c X509{,_LOOKUP}: Improve distinction between not found and fatal/internal error 2022-05-04 16:25:44 +02:00
x509_txt.c Disallow certs with explicit curve in verification chain 2020-09-17 17:15:15 +02:00
x509_v3.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
x509_vfy.c X509{,_LOOKUP}: Improve distinction between not found and fatal/internal error 2022-05-04 16:25:44 +02:00
x509_vpm.c Inherit hostflags verify params even without hosts 2021-04-09 08:32:38 +10:00
x509cset.c Update copyright year 2021-04-08 13:04:41 +01:00
x509name.c CRYPTO: refactor ERR_raise()+ERR_add_error_data() to ERR_raise_data() 2020-11-13 09:35:31 +01:00
x509rset.c Update copyright year 2020-04-23 13:55:52 +01:00
x509spki.c Update copyright year 2021-04-22 14:38:44 +01:00
x509type.c Update copyright year 2021-06-17 13:24:59 +01:00
x_all.c X509_digest_sig(): Improve default hash for EdDSA and allow to return the chosen default 2021-06-16 14:30:35 +01:00
x_attrib.c Fix NULL pointer access caused by X509_ATTRIBUTE_create() 2020-12-21 15:25:59 +01:00
x_crl.c Fix a memory leak in crl_set_issuers 2022-05-25 13:04:09 +02:00
x_exten.c
x_name.c Fix: invoking x509_name_cannon improperly 2021-11-09 10:05:09 +10:00
x_pubkey.c Update copyright year 2022-05-03 13:34:51 +01:00
x_req.c Ensure libctx/propq is propagated when handling X509_REQ 2021-06-05 17:39:27 +10:00
x_x509.c X509_dup: Avoid duplicating the embedded EVP_PKEY 2021-10-25 14:32:43 +02:00
x_x509a.c Update copyright year 2021-07-29 15:41:35 +01:00