diff options
author | FdaSilvaYY <fdasilvayy@gmail.com> | 2019-05-20 00:33:58 +0200 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2019-05-27 00:11:50 +0200 |
commit | 5b3accde606ffe01466426bd59407ffca0690d23 (patch) | |
tree | 62ed3a98ae73b3425c529a8fb28c52cf11467c3e | |
parent | Fix input checks wrt legacy code (diff) | |
download | openssl-5b3accde606ffe01466426bd59407ffca0690d23.tar.xz openssl-5b3accde606ffe01466426bd59407ffca0690d23.zip |
OCSP: fix memory leak in OCSP_url_svcloc_new method.
Add a few coverage test case.
Fixes #8949
[extended tests]
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8959)
-rw-r--r-- | crypto/ocsp/ocsp_ext.c | 4 | ||||
-rw-r--r-- | test/ocspapitest.c | 82 |
2 files changed, 83 insertions, 3 deletions
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index 8ebfd6284e..c5cf279170 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -439,6 +439,7 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls) if ((sloc = OCSP_SERVICELOC_new()) == NULL) goto err; + X509_NAME_free(sloc->issuer); if ((sloc->issuer = X509_NAME_dup(issuer)) == NULL) goto err; if (urls && *urls @@ -449,12 +450,11 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls) goto err; if ((ad->method = OBJ_nid2obj(NID_ad_OCSP)) == NULL) goto err; - if ((ad->location = GENERAL_NAME_new()) == NULL) - goto err; if ((ia5 = ASN1_IA5STRING_new()) == NULL) goto err; if (!ASN1_STRING_set((ASN1_STRING *)ia5, *urls, -1)) goto err; + /* ad->location is allocated inside ACCESS_DESCRIPTION_new */ ad->location->type = GEN_URI; ad->location->d.ia5 = ia5; ia5 = NULL; diff --git a/test/ocspapitest.c b/test/ocspapitest.c index 03b88e064b..355bd448ae 100644 --- a/test/ocspapitest.c +++ b/test/ocspapitest.c @@ -47,6 +47,24 @@ static int get_cert_and_key(X509 **cert_out, EVP_PKEY **key_out) return 0; } +static int get_cert(X509 **cert_out) +{ + BIO *certbio; + X509 *cert = NULL; + + if (!TEST_ptr(certbio = BIO_new_file(certstr, "r"))) + return 0; + cert = PEM_read_bio_X509(certbio, NULL, NULL, NULL); + BIO_free(certbio); + if (!TEST_ptr(cert)) + goto end; + *cert_out = cert; + return 1; + end: + X509_free(cert); + return 0; +} + static OCSP_BASICRESP *make_dummy_resp(void) { const unsigned char namestr[] = "openssl.example.com"; @@ -131,7 +149,67 @@ static int test_resp_signer(void) EVP_PKEY_free(key); return ret; } -#endif + +static int test_access_description(int testcase) +{ + ACCESS_DESCRIPTION *ad = ACCESS_DESCRIPTION_new(); + int ret = 0; + + if (!TEST_ptr(ad)) + goto err; + + switch (testcase) { + case 0: /* no change */ + break; + case 1: /* check and release current location */ + if (!TEST_ptr(ad->location)) + goto err; + GENERAL_NAME_free(ad->location); + ad->location = NULL; + break; + case 2: /* replace current location */ + GENERAL_NAME_free(ad->location); + ad->location = GENERAL_NAME_new(); + if (!TEST_ptr(ad->location)) + goto err; + break; + } + ACCESS_DESCRIPTION_free(ad); + ret = 1; +err: + return ret; +} + +static int test_ocsp_url_svcloc_new(void) +{ + static const char * urls[] = { + "www.openssl.org", + "www.openssl.net", + NULL + }; + + X509 *issuer = NULL; + X509_EXTENSION * ext = NULL; + int ret = 0; + + if (!TEST_true(get_cert(&issuer))) + goto err; + + /* + * Test calling this ocsp method to catch any memory leak + */ + ext = OCSP_url_svcloc_new(X509_get_issuer_name(issuer), urls); + if (!TEST_ptr(ext)) + goto err; + + X509_EXTENSION_free(ext); + ret = 1; +err: + X509_free(issuer); + return ret; +} + +#endif /* OPENSSL_NO_OCSP */ OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") @@ -142,6 +220,8 @@ int setup_tests(void) return 0; #ifndef OPENSSL_NO_OCSP ADD_TEST(test_resp_signer); + ADD_ALL_TESTS(test_access_description, 3); + ADD_TEST(test_ocsp_url_svcloc_new); #endif return 1; } |