From patchwork Sat Oct 30 07:57:56 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Selva Nair <selva.nair@gmail.com>
X-Patchwork-Id: 2052
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Delivered-To: patchwork@openvpn.net
Received: from director10.mail.ord1d.rsapps.net ([172.31.255.6])
	by backend30.mail.ord1d.rsapps.net with LMTP
	id QLnNHwyWfWG2TgAAIUCqbw
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	for <patchwork@openvpn.net>; Sat, 30 Oct 2021 14:59:24 -0400
Received: from proxy6.mail.iad3b.rsapps.net ([172.31.255.6])
	by director10.mail.ord1d.rsapps.net with LMTP
	id aIaIHwyWfWFlcAAApN4f7A
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	for <patchwork@openvpn.net>; Sat, 30 Oct 2021 14:59:24 -0400
Received: from smtp33.gate.iad3b ([172.31.255.6])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by proxy6.mail.iad3b.rsapps.net with LMTPS
	id +CGqGAyWfWFYJwAARawThA
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	for <patchwork@openvpn.net>; Sat, 30 Oct 2021 14:59:24 -0400
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: openvpnslackdevel@openvpn.net
X-Originating-Ip: [216.105.38.7]
Authentication-Results: smtp33.gate.iad3b.rsapps.net;
 iprev=pass policy.iprev="216.105.38.7";
 spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net"
 smtp.helo="lists.sourceforge.net";
 dkim=fail (signature verification failed) header.d=sourceforge.net;
 dkim=fail (signature verification failed) header.d=sf.net;
 dkim=fail (signature verification failed) header.d=gmail.com;
 dmarc=fail (p=none; dis=none) header.from=gmail.com
X-Suspicious-Flag: YES
X-Classification-ID: 7efb67e8-39b3-11ec-ab03-525400fb5834-1-1
Received: from [216.105.38.7] ([216.105.38.7:59024]
 helo=lists.sourceforge.net)
	by smtp33.gate.iad3b.rsapps.net (envelope-from
 <openvpn-devel-bounces@lists.sourceforge.net>)
	(ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384)
	id 25/85-09544-B069D716; Sat, 30 Oct 2021 14:59:24 -0400
Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com)
	by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.94.2)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1mgtYX-0000vN-03; Sat, 30 Oct 2021 18:58:17 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
 by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2)
 (envelope-from <selva.nair@gmail.com>) id 1mgtYV-0000vH-GS
 for openvpn-devel@lists.sourceforge.net; Sat, 30 Oct 2021 18:58:15 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id:
 Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=W1wWyC0nP/gpGkoFNOa4VmfrOUtwXWYOkdQ43dlcK1o=; b=YAX1fEDgPJJWY1hmeSNeINyWyW
 uNyy6yd0AecaCWLHARttlcClLnRx0iHivQwvDqVeHdNmSvho+P/6DPL+SN8njwQwgp/rxhvRl6chw
 R1gcEJlJddKaYRsNiR/Cl9FMz0ghNgD6GDYsOph+fnuIt/VlZqWIMMO6egJ5YAg6HlYI=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:Cc:To:From
 :Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date:
 Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:
 References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:
 List-Owner:List-Archive; bh=W1wWyC0nP/gpGkoFNOa4VmfrOUtwXWYOkdQ43dlcK1o=; b=J
 Uuc7J07jX3NJu+wduJ43xQNRA6KqEChOZrD7I89qBucPVhOgmi6QTxhmozvr3LN6b9GkQrjNIFjOP
 sXB+7J/cEllgrKAqiQO9Ue1s13LDB+T6WaKwVteQoSzM3zQ7ZWe4ftC0XjqAQu6Qs21QwWYC7zmYQ
 vQaZuklatAZhhIVU=;
Received: from mail-qk1-f176.google.com ([209.85.222.176])
 by sfi-mx-2.v28.lw.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92.3)
 id 1mgtYQ-00023K-0f
 for openvpn-devel@lists.sourceforge.net; Sat, 30 Oct 2021 18:58:15 +0000
Received: by mail-qk1-f176.google.com with SMTP id bi29so12717174qkb.5
 for <openvpn-devel@lists.sourceforge.net>;
 Sat, 30 Oct 2021 11:58:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=W1wWyC0nP/gpGkoFNOa4VmfrOUtwXWYOkdQ43dlcK1o=;
 b=HY70uoAPh8Kn7nZGDWKSxURDUTpXUkMzFrrCP2eQ6dvWAaw+VEkS6nemh4dq5gfWdE
 ntFBThpK7g2CsyS80FvOeEAtojR9yhe6FdEWzWyR0T2CxsIYUvUAILUQbMc7J2cHhkyl
 71meVo6jtbDnLcntoHMWsgzV753hwl+WnIFnAZhuNYgWppH3XIe+LHstjdHNsZSimryF
 uYU3YmUBzQNqIwUTySI6UxLhQTMesQ+T6U4gpLi2qzS1yKTUyIhdTM8Go9zYEXcd7Koj
 MzgjhLTl9GKqpq6P22nfvE/6CecbM9Ij5/ymZuB7sLXsSEdBjfvNdAiazNhYFg8chIP4
 x1qQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=W1wWyC0nP/gpGkoFNOa4VmfrOUtwXWYOkdQ43dlcK1o=;
 b=VNC/OG+qAZ+bJP+fmQ1z3FeIcIB5HiBkexw0nmZAK67qb32jU9xqRMYJHol2AT7TqN
 I2gFytc08TwfXBI//MiMUVxw2hwWW0DiMY/qNGBxg4IjMwpuAmfftwCabGDga75w4UuF
 rovkO46zDBewaJZqFTPFQN2KyrYO7T6wrFk+McYiUaXCFHfApOV30C+x0KZNBBPZCTir
 sCxly53Lb/ZU/iMmgUYCTorpF3jp5sNnliiplbwCVRUMfkRlU1F7BdNeomvPg+h5VB6w
 JIpYdJLUDxz2diE7HgQKz2CozwONfEawE3s/NHf26ESQrxMvBN7g0adMu73ckcw6k/4Y
 mmIg==
X-Gm-Message-State: AOAM530ZooUb7HlDNhW44z8tfPzcJb6YgL6aUuAVy+Ts6ndS21aIGKGD
 qcpMXXoEt+JzLsfouZOVZfJcKPWsgXU=
X-Google-Smtp-Source: 
 ABdhPJwfYqpq4edm1e4aTebb4aHeNKhuFp75scClhklVSVVa0iLDKfXxai1sBL4ckyjLv7Ixe87k/w==
X-Received: by 2002:a37:2d04:: with SMTP id t4mr14704360qkh.463.1635620284073;
 Sat, 30 Oct 2021 11:58:04 -0700 (PDT)
Received: from uranus.home.sansel.ca
 (bras-vprn-tnhlon4053w-lp130-02-70-51-223-227.dsl.bell.ca. [70.51.223.227])
 by smtp.gmail.com with ESMTPSA id 10sm6822150qkv.37.2021.10.30.11.58.03
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 30 Oct 2021 11:58:03 -0700 (PDT)
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 30 Oct 2021 14:57:56 -0400
Message-Id: <20211030185756.1831-1-selva.nair@gmail.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
X-Spam-Report: Spam detection software,
 running on the system "util-spamd-2.v13.lw.sourceforge.com",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  From: Selva Nair In OpenSSL 3.0, fetched algorithms must be
 freed (down referenced). In this case,
 though EVP_MAC_CTX_new() keeps a reference
 to 'hmac', it up-refs it. So we have to free it here before return.
 Content analysis details:   (-0.2 points, 6.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [209.85.222.176 listed in list.dnswl.org]
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider [selva.nair[at]gmail.com]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily
 valid
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
 author's domain
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
 envelope-from domain
 -0.0 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
 [209.85.222.176 listed in wl.mailspike.net]
X-Headers-End: 1mgtYQ-00023K-0f
Subject: [Openvpn-devel] [PATCH] Avoid memory leak in hmac_ctx_new (OpenSSL
 3.0 only)
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox

From: Selva Nair <selva.nair@gmail.com>

In OpenSSL 3.0, fetched algorithms must be freed
(down referenced). In this case, though EVP_MAC_CTX_new()
keeps a reference to 'hmac', it up-refs it. So we have to free
it here before return.

(Tested using an enable-asan build).

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-By: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/crypto_openssl.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 6b18551e..9d823add 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -1063,6 +1063,9 @@ hmac_ctx_new(void)
     EVP_MAC *hmac = EVP_MAC_fetch(NULL, "HMAC", NULL);
     ctx->ctx = EVP_MAC_CTX_new(hmac);
     check_malloc_return(ctx->ctx);
+
+    EVP_MAC_free(hmac);
+
     return ctx;
 }