From: Antonio Quartulli <antonio@openvpn.net>
Date: Mon, 5 Apr 2021 08:00:05 +0000 (+0200)
Subject: openssl: fix EVP_PKEY_CTX memory leak
X-Git-Tag: v2.6_beta1~554
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=24e58164b845614c2176bc6b2a939856fd830c53;p=thirdparty%2Fopenvpn.git

openssl: fix EVP_PKEY_CTX memory leak

A context allocated with EVP_PKEY_CTX_new_id() must be ultimately free'd
by Eng VP_PKEY_CTX_free(). Failing to do so will result in a memory leak.

This bug was discovered using GCC with "-fsanitize=address".

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20210405080007.1665-1-a@unstable.cc>
URL: https://www.mail-archive.com/search?l=mid&q=20210405080007.1665-1-a@unstable.cc
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index f3e86863e..d54ca6d26 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -1125,37 +1125,41 @@ bool
 ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret,
              int secret_len, uint8_t *output, int output_len)
 {
+    bool ret = false;
     EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
     if (!EVP_PKEY_derive_init(pctx))
     {
-        return false;
+        goto out;
     }
 
     if (!EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_md5_sha1()))
     {
-        return false;
+        goto out;
     }
 
     if (!EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, secret, secret_len))
     {
-        return false;
+        goto out;
     }
 
     if (!EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seed_len))
     {
-        return false;
+        goto out;
     }
 
     size_t out_len = output_len;
     if (!EVP_PKEY_derive(pctx, output, &out_len))
     {
-        return false;
+        goto out;
     }
     if (out_len != output_len)
     {
-        return false;
+        goto out;
     }
-    return true;
+    ret = true;
+out:
+    EVP_PKEY_CTX_free(pctx);
+    return ret;
 }
 #else  /* if OPENSSL_VERSION_NUMBER >= 0x10100000L */
 /*