upstream: memleak of KRL revoked certs struct; ok dtucker

author djm@openbsd.org <djm@openbsd.org>

Mon, 15 Sep 2025 04:41:20 +0000 (04:41 +0000)

committer Damien Miller <djm@mindrot.org>

Mon, 15 Sep 2025 06:13:01 +0000 (16:13 +1000)
author djm@openbsd.org <djm@openbsd.org>
Mon, 15 Sep 2025 04:41:20 +0000 (04:41 +0000)
committer Damien Miller <djm@mindrot.org>
Mon, 15 Sep 2025 06:13:01 +0000 (16:13 +1000)
diff --git a/krl.c b/krl.c

index 708eb981307809b9091c6a8bf465f6c0ee4b4cb1..bea5b1b98c4355ae3697c0ecbdc112ab565c6d71 100644 (file)
--- a/krl.c
+++ b/krl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: krl.c,v 1.61 2025/09/05 09:58:08 dtucker Exp $ */
+/* $OpenBSD: krl.c,v 1.62 2025/09/15 04:41:20 djm Exp $ */
  /*
   * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
   *
@@ -149,6 +149,8 @@ revoked_certs_free(struct revoked_certs *rc)
         struct revoked_serial *rs, *trs;
         struct revoked_key_id *rki, *trki;
  
+       if (rc == NULL)
+               return;
         RB_FOREACH_SAFE(rs, revoked_serial_tree, &rc->revoked_serials, trs) {
                 RB_REMOVE(revoked_serial_tree, &rc->revoked_serials, rs);
                 free(rs);
@@ -159,6 +161,7 @@ revoked_certs_free(struct revoked_certs *rc)
                 free(rki);
         }
         sshkey_free(rc->ca_key);
+       freezero(rc, sizeof(*rc));
  }
  
  void
author	djm@openbsd.org <djm@openbsd.org>
	Mon, 15 Sep 2025 04:41:20 +0000 (04:41 +0000)
committer	Damien Miller <djm@mindrot.org>
	Mon, 15 Sep 2025 06:13:01 +0000 (16:13 +1000)