From: Remi Tricot-Le Breton Date: Fri, 4 Feb 2022 13:24:15 +0000 (+0100) Subject: BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls X-Git-Tag: v2.6-dev2~125 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d544d33e10868963407212660466aa552d5888e6;p=thirdparty%2Fhaproxy.git BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls If the same filename was specified in multiple calls of the jwt_verify converter, we would have parsed the contents of the file every time it was used instead of checking if the entry already existed in the tree. This lead to memory leaks because we would not insert the duplicated entry and we would not free it (as well as the EVP_PKEY it referenced). We now check the return value of ebst_insert and free the current entry if it is a duplicate of an existing entry. The order in which the tree insert and the pkey parsing happen was also switched in order to avoid parsing key files in case of duplicates. Should be backported to 2.5. --- diff --git a/src/jwt.c b/src/jwt.c index 848de99f64..7f20e374b6 100644 --- a/src/jwt.c +++ b/src/jwt.c @@ -133,6 +133,18 @@ int jwt_tree_load_cert(char *path, int pathlen, char **err) EVP_PKEY *pkey = NULL; BIO *bio = NULL; + entry = calloc(1, sizeof(*entry) + pathlen + 1); + if (!entry) { + memprintf(err, "%sunable to allocate memory (jwt_cert_tree_entry).\n", err && *err ? *err : ""); + return -1; + } + memcpy(entry->path, path, pathlen + 1); + + if (ebst_insert(&jwt_cert_tree, &entry->node) != &entry->node) { + free(entry); + return 0; /* Entry already in the tree */ + } + bio = BIO_new(BIO_s_file()); if (!bio) { memprintf(err, "%sunable to allocate memory (BIO).\n", err && *err ? *err : ""); 
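Review bot: `memcpy(entry->path, path, pathlen + 1)` reads one byte past `pathlen` from the caller's buffer, and the entry is now handed to `ebst_insert` two statements later, so the string-keyed tree compares a key whose terminator was never checked. Because `calloc` already zero-fills the `pathlen + 1` bytes, `memcpy(entry->path, path, pathlen);` guarantees termination without relying on `path[pathlen]` being NUL. `pathlen` is also a signed `int` that goes straight into the allocation size; the callers are outside this hunk, so whether a negative or too-short length can reach here is not visible, but a `pathlen < 0` check before the `calloc` would be cheap. The function body starts above and continues below the hunk.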
@@ -148,20 +160,18 @@ int jwt_tree_load_cert(char *path, int pathlen, char **err) goto end; } - entry = calloc(1, sizeof(*entry) + pathlen + 1); - if (!entry) { - memprintf(err, "%sunable to allocate memory (jwt_cert_tree_entry).\n", err && *err ? *err : ""); - goto end; - } - - memcpy(entry->path, path, pathlen + 1); entry->pkey = pkey; - - ebst_insert(&jwt_cert_tree, &entry->node); retval = 0; } end: + if (retval) { + /* Some error happened during pkey parsing, remove the already + * inserted node from the tree and free it. + */ + ebmb_delete(&entry->node); + free(entry); + } BIO_free(bio); return retval; }
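Review bot: The cleanup added at `end:` dereferences `entry` whenever `retval` is non-zero, which is only safe because both early exits in the first hunk (allocation failure and duplicate) `return` instead of jumping to `end`. That invariant is not stated anywhere, and a later `goto end` placed before the insert would become a NULL or dangling dereference in `ebmb_delete`. I would record it at the label, e.g. `/* every goto end happens after entry was inserted; earlier exits return directly */`. Separately, the entry now sits in the tree with `pkey == NULL` while the file is parsed; that looks harmless if loading only runs during configuration parsing, which this hunk does not show. The declarations of `entry` and `retval` are above the hunk.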