]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4ee81ec) | patch
Fix a possible memleak in bind_afalg
authorBernd Edlinger <bernd.edlinger@hotmail.de>
Sun, 28 Jan 2024 22:50:16 +0000 (23:50 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 31 Jan 2024 10:34:21 +0000 (10:34 +0000)
commit25681cb8dcc3086c681917926fe8199df14bf83e
tree9b997d910d6fd0d858fd64a030f0d1135c364787tree
parent4ee81ec4e0c2842d9ec1549a83516000b4685a4dcommit | diff
Fix a possible memleak in bind_afalg

bind_afalg calls afalg_aes_cbc which allocates
cipher_handle->_hidden global object(s)
but if one of them fails due to out of memory,
the function bind_afalg relies on the engine destroy
method to be called.  But that does not happen
because the dynamic engine object is not destroyed
in the usual way in dynamic_load in this case:

If the bind_engine function fails, there will be no
further calls into the shared object.
See ./crypto/engine/eng_dyn.c near the comment:
/* Copy the original ENGINE structure back */

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23409)

(cherry picked from commit 729a1496cc4cda669dea6501c991113c78f04560)
engines/e_afalg.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git