git.ipfire.org Git - thirdparty/openssl.git/commit
Fix memory leak in get_str_from_file()
author YZL0v3ZZ <2055877225@qq.com>
Wed, 11 Mar 2026 14:16:48 +0000 (22:16 +0800)
committer Todd Short <todd.short@me.com>
Fri, 13 Mar 2026 15:27:20 +0000 (11:27 -0400)
commit 1d53439b176ad4e083e5519ff73ee830f679a3b0
tree a116ced3b76cedda15cd789da83ff44f56b6b27c
parent 677fce1ddf92701a129a7fff95d1358d527d7d2c
Fix memory leak in get_str_from_file()

If BIO_gets encounters an empty file or read error, the function
returns NULL without freeing the dynamically allocated heap block (buf).

Safely clear and free the allocated buffer before returning NULL on
the error path. Since get_str_from_file() may handle cryptographic
keys, OPENSSL_clear_free() is used to prevent leaking sensitive data.

Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/30373)

(cherry picked from commit d286240daa3206c0e7d8b49f0dd6b035170fc41e)
apps/lib/apps.c
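
The error path described in the commit message, as an added C illustration that is not the code from apps/lib/apps.c. `read_secret_line`, `clear_free` (a stand-in for `OPENSSL_clear_free()`), `MAX_LEN` and the `live_bufs` counter are assumptions of this example, and stdio `fgets` replaces `BIO_gets` so it builds without OpenSSL.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LEN 256          /* assumed buffer size for this example */
static size_t live_bufs;     /* counts live buffers so a leak is observable */

/* Stand-in for OPENSSL_clear_free(): volatile stores keep the wipe from being optimised out. */
static void clear_free(void *p, size_t n)
{
    volatile unsigned char *v = p;
    if (p == NULL) return;
    while (n--) *v++ = 0;
    free(p);
    live_bufs--;
}

/* Read the first line of fp into a fresh heap buffer; NULL on empty file or read error. */
static char *read_secret_line(FILE *fp)
{
    char *buf = malloc(MAX_LEN);
    if (buf == NULL) return NULL;
    live_bufs++;
    if (fgets(buf, MAX_LEN, fp) == NULL) {
        clear_free(buf, MAX_LEN);   /* omit this call and buf leaks here */
        return NULL;
    }
    buf[strcspn(buf, "\r\n")] = '\0';
    return buf;
}

/* Constructed input: write content to a temp file, read it back, report live buffers. */
static int leaked_after_read(const char *content)
{
    FILE *fp = tmpfile();
    char *s;
    if (fp == NULL) return -1;
    fputs(content, fp);
    rewind(fp);
    s = read_secret_line(fp);
    if (s != NULL) clear_free(s, MAX_LEN);   /* caller owns the success case */
    fclose(fp);
    return (int)live_bufs;
}

int main(void)
{
    printf("%d %d\n", leaked_after_read(""), leaked_after_read("constructed-secret\n"));
    return 0;
}
```

Removing the `clear_free()` call on the `fgets` failure branch makes `leaked_after_read("")` return 1, which is the leak the commit closes.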