[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnurl] 385/411: openssl: free mem_buf in error path
From: |
gnunet |
Subject: |
[gnurl] 385/411: openssl: free mem_buf in error path |
Date: |
Wed, 13 Jan 2021 01:23:20 +0100 |
This is an automated email from the git hooks/post-receive script.
nikita pushed a commit to branch master
in repository gnurl.
commit 2d4d012a49a058ed886ef95cd91b412a98002006
Author: Daniel Stenberg <daniel@haxx.se>
AuthorDate: Mon Nov 30 17:36:42 2020 +0100
openssl: free mem_buf in error path
To fix a memory-leak.
Closes #6267
---
lib/vtls/openssl.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 8309bc405..04bf0c15a 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2731,33 +2731,33 @@ static CURLcode ossl_connect_step1(struct connectdata
*conn, int sockindex)
if(ssl_cert || ssl_cert_blob || ssl_cert_type) {
BIO *ssl_cert_bio = NULL;
BIO *ssl_key_bio = NULL;
- int result_cert_stuff;
if(ssl_cert_blob) {
/* the typecast of blob->len is fine since it is guaranteed to never be
larger than CURL_MAX_INPUT_LENGTH */
ssl_cert_bio = BIO_new_mem_buf(ssl_cert_blob->data,
(int)ssl_cert_blob->len);
if(!ssl_cert_bio)
- return CURLE_SSL_CERTPROBLEM;
+ result = CURLE_OUT_OF_MEMORY;
}
- if(SSL_SET_OPTION(key_blob)) {
+ if(!result && SSL_SET_OPTION(key_blob)) {
ssl_key_bio = BIO_new_mem_buf(SSL_SET_OPTION(key_blob)->data,
(int)SSL_SET_OPTION(key_blob)->len);
if(!ssl_key_bio)
- return CURLE_SSL_CERTPROBLEM;
+ result = CURLE_OUT_OF_MEMORY;
}
- result_cert_stuff = cert_stuff(conn, backend->ctx,
+ if(!result &&
+ !cert_stuff(conn, backend->ctx,
ssl_cert, ssl_cert_bio, ssl_cert_type,
SSL_SET_OPTION(key), ssl_key_bio,
- SSL_SET_OPTION(key_type), SSL_SET_OPTION(key_passwd));
+ SSL_SET_OPTION(key_type), SSL_SET_OPTION(key_passwd)))
+ result = CURLE_SSL_CERTPROBLEM;
if(ssl_cert_bio)
BIO_free(ssl_cert_bio);
if(ssl_key_bio)
BIO_free(ssl_key_bio);
- if(!result_cert_stuff) {
+ if(result)
/* failf() is already done in cert_stuff() */
- return CURLE_SSL_CERTPROBLEM;
- }
+ return result;
}
ciphers = SSL_CONN_CONFIG(cipher_list);
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [gnurl] 377/411: socks: check for DNS entries with the right port number, (continued)
- [gnurl] 377/411: socks: check for DNS entries with the right port number, gnunet, 2021/01/12
- [gnurl] 372/411: file: avoid duplicated code sequence, gnunet, 2021/01/12
- [gnurl] 376/411: curl_setup: USE_RESOLVE_ON_IPS is for Apple native resolver use, gnunet, 2021/01/12
- [gnurl] 292/411: tests: add missing global_init/cleanup calls, gnunet, 2021/01/12
- [gnurl] 356/411: openssl: guard against OOM on context creation, gnunet, 2021/01/12
- [gnurl] 280/411: mailmap: set Viktor Szakats's email, gnunet, 2021/01/12
- [gnurl] 269/411: CI/appveyor: disable test 571 in two cmake builds, gnunet, 2021/01/12
- [gnurl] 326/411: ngtcp2: adapt to recent nghttp3 updates, gnunet, 2021/01/12
- [gnurl] 411/411: add lowercase curl, gnunet, 2021/01/12
- [gnurl] 393/411: SECURITY-PROCESS: disclose on hackerone, gnunet, 2021/01/12
- [gnurl] 385/411: openssl: free mem_buf in error path,
gnunet <=
- [gnurl] 397/411: ftp: retry getpeername for FTP with TCP_FASTOPEN, gnunet, 2021/01/12
- [gnurl] 406/411: RELEASE-NOTES: synced, gnunet, 2021/01/12
- [gnurl] 398/411: Revert "multi: implement wait using winsock events", gnunet, 2021/01/12
- [gnurl] 387/411: NEW-PROTOCOL: document what needs to be done to add one, gnunet, 2021/01/12
- [gnurl] 383/411: ntlm: avoid malloc(0) on zero length user and domain, gnunet, 2021/01/12
- [gnurl] 355/411: cmake: use libcurl.rc in all Windows builds, gnunet, 2021/01/12
- [gnurl] 360/411: curl: add compatibility for Amiga and GCC 6.5, gnunet, 2021/01/12
- [gnurl] 345/411: KNOWN_BUGS: make a new section for cmake topics, gnunet, 2021/01/12
- [gnurl] 274/411: RELEASE-NOTES: synced, gnunet, 2021/01/12
- [gnurl] 330/411: THANKS-filter: ignore autobuild links, gnunet, 2021/01/12