From 762f1ebe8d1b26e78cd4923f832a611c8a5f0a89 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Mon, 6 Feb 2017 21:15:01 +0900 Subject: [PATCH] cert_create: fix memory leak bug caused by key container overwrite In the current code, both key_load() and key_create() call key_new() to allocate a key container (and they do not free it even if they fail). If a specific key is not given by the command option, key_load() fails, then key_create() is called. At this point, the key container that has been allocated in key_load() is still alive, and it is overwritten by a new key container created by key_create(). Move the key_new() call to the main() function to make sure it is called just once for each descriptor. While we are here, let's fix one more bug; the error handling code ERROR("Malloc error while loading '%s'\n", keys[i].fn); is wrong because keys[i].fn is NULL pointer unless a specific key is given by the command option. This code could be run in either case. Signed-off-by: Masahiro Yamada --- tools/cert_create/include/key.h | 1 + tools/cert_create/src/key.c | 13 +------------ tools/cert_create/src/main.c | 11 ++++++----- 3 files changed, 8 insertions(+), 17 deletions(-) diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h index f60997f0f..433f72cef 100644 --- a/tools/cert_create/include/key.h +++ b/tools/cert_create/include/key.h @@ -73,6 +73,7 @@ typedef struct key_s { /* Exported API */ int key_init(void); key_t *key_get_by_opt(const char *opt); +int key_new(key_t *key); int key_create(key_t *key, int type); int key_load(key_t *key, unsigned int *err_code); int key_store(key_t *key); diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c index a7ee75969..47c152c72 100644 --- a/tools/cert_create/src/key.c +++ b/tools/cert_create/src/key.c @@ -49,7 +49,7 @@ /* * Create a new key container */ -static int key_new(key_t *key) +int key_new(key_t *key) { /* Create key pair container */ key->key = EVP_PKEY_new(); @@ -123,11 +123,6 @@ int key_create(key_t *key, int type) return 0; } - /* Create OpenSSL key container */ - if (!key_new(key)) { - return 0; - } - if (key_create_fn[type]) { return key_create_fn[type](key); } @@ -140,12 +135,6 @@ int key_load(key_t *key, unsigned int *err_code) FILE *fp = NULL; EVP_PKEY *k = NULL; - /* Create OpenSSL key container */ - if (!key_new(key)) { - *err_code = KEY_ERR_MALLOC; - return 0; - } - if (key->fn) { /* Load key from file */ fp = fopen(key->fn, "r"); diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c index c58f41dea..dac9e57c0 100644 --- a/tools/cert_create/src/main.c +++ b/tools/cert_create/src/main.c @@ -367,6 +367,11 @@ int main(int argc, char *argv[]) /* Load private keys from files (or generate new ones) */ for (i = 0 ; i < num_keys ; i++) { + if (!key_new(&keys[i])) { + ERROR("Failed to allocate key container\n"); + exit(1); + } + /* First try to load the key from disk */ if (key_load(&keys[i], &err_code)) { /* Key loaded successfully */ @@ -374,11 +379,7 @@ int main(int argc, char *argv[]) } /* Key not loaded. Check the error code */ - if (err_code == KEY_ERR_MALLOC) { - /* Cannot allocate memory. Abort. */ - ERROR("Malloc error while loading '%s'\n", keys[i].fn); - exit(1); - } else if (err_code == KEY_ERR_LOAD) { + if (err_code == KEY_ERR_LOAD) { /* File exists, but it does not contain a valid private * key. Abort. */ ERROR("Error loading '%s'\n", keys[i].fn); -- GitLab