From: YZL0v3ZZ <2055877225@qq.com> Date: Wed, 11 Mar 2026 14:16:48 +0000 (+0800) Subject: Fix memory leak in get_str_from_file() X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d286240daa3206c0e7d8b49f0dd6b035170fc41e;p=thirdparty%2Fopenssl.git Fix memory leak in get_str_from_file() If BIO_gets encounters an empty file or read error, the function returns NULL without freeing the dynamically allocated heap block (buf). Safely clear and free the allocated buffer before returning NULL on the error path. Since get_str_from_file() may handle cryptographic keys, OPENSSL_clear_free() is used to prevent leaking sensitive data. Reviewed-by: Eugene Syromiatnikov Reviewed-by: Paul Dale Reviewed-by: Norbert Pocs Reviewed-by: Todd Short (Merged from https://github.com/openssl/openssl/pull/30373) --- diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 8747c03028c..6e8167b7e91 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -3824,6 +3824,7 @@ char *get_str_from_file(const char *filename) bio = NULL; if (n <= 0) { BIO_printf(bio_err, "Error reading from %s\n", filename); + OPENSSL_clear_free(buf, MAX_KEY_SIZE); return NULL; } tmp = strchr(buf, '\n');
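Review bot: In the added `OPENSSL_clear_free(buf, MAX_KEY_SIZE);` on the `n <= 0` path, the length argument is a constant that has to equal the size `buf` was allocated with, and that allocation is outside the context shown in this hunk. OPENSSL_clear_free() cleanses the given number of bytes before freeing, so a length larger than the real allocation would write past the end of the buffer. Please confirm the allocation uses the same MAX_KEY_SIZE, or keep the size in a single local that both the allocation and this call use. The commit message notes the buffer may hold key material, so it is also worth checking that the success path, which continues at `tmp = strchr(buf, '\n');` and is untouched here, ends with the buffer being cleared when it is eventually released, not only on this error path.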