cert_create: fix memory leak bug caused by key container overwrite

In the current code, both key_load() and key_create() call key_new() to allocate a key container (and they do not free it even if they fail). If a specific key is not given by the command option, key_load() fails, then key_create() is called. At this point, the key container that has been allocated in key_load() is still alive, and it is overwritten by a new key container created by key_create(). Move the key_new() call to the main() function to make sure it is called just once for each descriptor. While we are here, let's fix one more bug; the error handling code ERROR("Malloc error while loading '%s'\n", keys[i].fn); is wrong because keys[i].fn is NULL pointer unless a specific key is given by the command option. This code could be run in either case. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

cert_create: fix memory leak bug caused by key container overwrite
In the current code, both key_load() and key_create() call key_new() to allocate a key container (and they do not free it even if they fail). If a specific key is not given by the command option, key_load() fails, then key_create() is called. At this point, the key container that has been allocated in key_load() is still alive, and it is overwritten by a new key container created by key_create(). Move the key_new() call to the main() function to make sure it is called just once for each descriptor. While we are here, let's fix one more bug; the error handling code ERROR("Malloc error while loading '%s'\n", keys[i].fn); is wrong because keys[i].fn is NULL pointer unless a specific key is given by the command option. This code could be run in either case. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
762f1ebe · Masahiro Yamada · bab16f99 · 762f1ebe · 762f1ebe · 762f1ebe
Commit 762f1ebe authored Feb 06, 2017 by Masahiro Yamada
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -73,6 +73,7 @@ typedef struct key_s {
 /* Exported API */
 int key_init(void);
 key_t *key_get_by_opt(const char *opt);
+int key_new(key_t *key);
 int key_create(key_t *key, int type);
 int key_load(key_t *key, unsigned int *err_code);
 int key_store(key_t *key);

--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -49,7 +49,7 @@
 /*
 * Create a new key container
 */
-static int key_new(key_t *key)
+int key_new(key_t *key)
 {
 	/* Create key pair container */
 	key->key = EVP_PKEY_new();
@@ -123,11 +123,6 @@ int key_create(key_t *key, int type)
 		return 0;
 	}

-	/* Create OpenSSL key container */
-	if (!key_new(key)) {
-		return 0;
-	}
-
 	if (key_create_fn[type]) {
 		return key_create_fn[type](key);
 	}
@@ -140,12 +135,6 @@ int key_load(key_t *key, unsigned int *err_code)
 	FILE *fp = NULL;
 	EVP_PKEY *k = NULL;

-	/* Create OpenSSL key container */
-	if (!key_new(key)) {
-		*err_code = KEY_ERR_MALLOC;
-		return 0;
-	}
-
 	if (key->fn) {
 		/* Load key from file */
 		fp = fopen(key->fn, "r");

--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -367,6 +367,11 @@ int main(int argc, char *argv[])

 	/* Load private keys from files (or generate new ones) */
 	for (i = 0 ; i < num_keys ; i++) {
+		if (!key_new(&keys[i])) {
+			ERROR("Failed to allocate key container\n");
+			exit(1);
+		}
+
 		/* First try to load the key from disk */
 		if (key_load(&keys[i], &err_code)) {
 			/* Key loaded successfully */
@@ -374,11 +379,7 @@ int main(int argc, char *argv[])
 		}

 		/* Key not loaded. Check the error code */
-		if (err_code == KEY_ERR_MALLOC) {
-			/* Cannot allocate memory. Abort. */
-			ERROR("Malloc error while loading '%s'\n", keys[i].fn);
-			exit(1);
-		} else if (err_code == KEY_ERR_LOAD) {
+		if (err_code == KEY_ERR_LOAD) {
 			/* File exists, but it does not contain a valid private
 			 * key. Abort. */
 			ERROR("Error loading '%s'\n", keys[i].fn);