From 374d5cf2f6b8bdf87c04b5e293a7d291f2c23203 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 11 Oct 2021 15:04:46 +0200 Subject: [PATCH] cmp_vfy.c, encoder_lib.c: Fix potential leak of a BIO Fixes #16787 Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/16804) --- crypto/cmp/cmp_vfy.c | 4 +++- crypto/encode_decode/encoder_lib.c | 7 +++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index aa4665a5629..b9d6fc2bdd1 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -27,12 +27,14 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx, { OSSL_CMP_PROTECTEDPART prot_part; EVP_PKEY *pubkey = NULL; - BIO *bio = BIO_new(BIO_s_mem()); /* may be NULL */ + BIO *bio; int res = 0; if (!ossl_assert(cmp_ctx != NULL && msg != NULL && cert != NULL)) return 0; + bio = BIO_new(BIO_s_mem()); /* may be NULL */ + /* verify that keyUsage, if present, contains digitalSignature */ if (!cmp_ctx->ignore_keyusage && (X509_get_key_usage(cert) & X509v3_KU_DIGITAL_SIGNATURE) == 0) { diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c index 6c20fbb3d16..cfd9275172f 100644 --- a/crypto/encode_decode/encoder_lib.c +++ b/crypto/encode_decode/encoder_lib.c @@ -92,7 +92,7 @@ int OSSL_ENCODER_to_fp(OSSL_ENCODER_CTX *ctx, FILE *fp) int OSSL_ENCODER_to_data(OSSL_ENCODER_CTX *ctx, unsigned char **pdata, size_t *pdata_len) { - BIO *out = BIO_new(BIO_s_mem()); + BIO *out; BUF_MEM *buf = NULL; int ret = 0; @@ -101,7 +101,10 @@ int OSSL_ENCODER_to_data(OSSL_ENCODER_CTX *ctx, unsigned char **pdata, return 0; } - if (OSSL_ENCODER_to_bio(ctx, out) + out = BIO_new(BIO_s_mem()); + + if (out != NULL + && OSSL_ENCODER_to_bio(ctx, out) && BIO_get_mem_ptr(out, &buf) > 0) { ret = 1; /* Hope for the best. A too small buffer will clear this */ -- 2.47.2