Message ID | 20211030185756.1831-1-selva.nair@gmail.com |
---|---|
State | Accepted |
Series | [Openvpn-devel] Avoid memory leak in hmac_ctx_new (OpenSSL 3.0 only) |
On 30.10.21 at 20:57, selva.nair@gmail.com wrote:
> From: Selva Nair <selva.nair@gmail.com>
>
> In OpenSSL 3.0, fetched algorithms must be freed
> (down referenced). In this case, though EVP_MAC_CTX_new()
> keeps a reference to 'hmac', it up-refs it. So we have to free
> it here before return.
>
> (Tested using an enable-asan build).
>

Acked-By: Arne Schwabe <arne@rfc2549.org>

Thanks. I overlooked freeing of fetched algorithms. I probably need to look at the fetch patch again too :/

Arne

I have not done "real" testing, just "compile and make check" on ossl 3.0.0 - but if you and Arne agree, this is definitely good enough for me :-)

Your patch has been applied to the master branch.

commit 31e200f807033ac27566bf37a8d9d32820600a83
Author: Selva Nair
Date: Sat Oct 30 14:57:56 2021 -0400

    Avoid memory leak in hmac_ctx_new (OpenSSL 3.0 only)

    Signed-off-by: Selva Nair <selva.nair@gmail.com>
    Acked-by: Arne Schwabe <arne@rfc2549.org>
    Message-Id: <20211030185756.1831-1-selva.nair@gmail.com>
    URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23080.html
    Signed-off-by: Gert Doering <gert@greenie.muc.de>

--
kind regards,

Gert Doering

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 6b18551e..9d823add 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -1063,6 +1063,9 @@ hmac_ctx_new(void) EVP_MAC *hmac = EVP_MAC_fetch(NULL, "HMAC", NULL); ctx->ctx = EVP_MAC_CTX_new(hmac); check_malloc_return(ctx->ctx); + + EVP_MAC_free(hmac); + return ctx; }
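
Review bot: The result of EVP_MAC_fetch(NULL, "HMAC", NULL) in the context lines of hmac_ctx_new() is passed to EVP_MAC_CTX_new() without a NULL check, and the only check that follows is check_malloc_return(ctx->ctx), so a failed fetch (for example, no loaded provider offering HMAC) is not distinguished from an allocation failure. Consider testing hmac right after the fetch and failing with a message that names the algorithm. A one-line comment above the added EVP_MAC_free(hmac) saying that the context holds its own reference would also help, since without it the call reads like a free of an object that is still in use.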