Fix memory leakage in _libssh2_EVP_aes_128_ctr

This problem is caused by _libssh2_EVP_aes_128_ctr, it get called several times, as a result, cipher get constructed several times. Seen from openssl RC4 example, the intended usage is construct only one time. Backtrace A: example-sftpdir.exe!_libssh2_EVP_aes_128_ctr() Line 594 C example-sftpdir.exe!_libssh2_openssl_crypto_init() Line 672 C example-sftpdir.exe!libssh2_init(int flags) Line 51 C example-sftpdir.exe!main(int argc, char * * argv) Line 111 C Backtrace B: example-sftpdir.exe!_libssh2_EVP_aes_128_ctr() Line 594 C example-sftpdir.exe!_libssh2_cipher_init(evp_cipher_ctx_st * * h, const evp_cipher_st ()() algo, unsigned char * iv, unsigned char * secret, int encrypt) Line 408 C example-sftpdir.exe!crypt_init(_LIBSSH2_SESSION * session, const _LIBSSH2_CRYPT_METHOD * method, unsigned char * iv, int * free_iv, unsigned char * secret, int * free_secret, int encrypt, void * * abstract) Line 88 C example-sftpdir.exe!ecdh_sha2_nistp(_LIBSSH2_SESSION * session, libssh2_curve_type type, unsigned char * data, unsigned int data_len, unsigned char * public_key, unsigned int public_key_len, ec_key_st * private_key, kmdhgGPshakex_state_t * exchange_state) Line 2344 C example-sftpdir.exe!kex_method_ecdh_key_exchange(_LIBSSH2_SESSION * session, key_exchange_state_low_t * key_state) Line 2607 C example-sftpdir.exe!_libssh2_kex_exchange(_LIBSSH2_SESSION * session, int reexchange, key_exchange_state_t * key_state) Line 4149 C example-sftpdir.exe!session_startup(_LIBSSH2_SESSION * session, unsigned int sock) Line 739 C example-sftpdir.exe!libssh2_session_handshake(_LIBSSH2_SESSION * session, unsigned int sock) Line 827 C example-sftpdir.exe!main(int argc, char * * argv) Line 142 C
libssh2 · Sep 19, 2019 · 50f14b8 · 50f14b8
1 parent 336bd86
commit 50f14b8
Showing 1 changed file with 24 additions and 14 deletions.
diff --git a/src/openssl.c b/src/openssl.c
@@ -445,6 +445,10 @@ typedef struct
     unsigned char ctr[AES_BLOCK_SIZE];
 } aes_ctr_ctx;
 
+static EVP_CIPHER * aes_128_ctr_cipher = NULL;
+static EVP_CIPHER * aes_192_ctr_cipher = NULL;
+static EVP_CIPHER * aes_256_ctr_cipher = NULL;
+
 static int
 aes_ctr_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
              const unsigned char *iv, int enc) /* init key */
@@ -589,8 +593,12 @@ const EVP_CIPHER *
 _libssh2_EVP_aes_128_ctr(void)
 {
 #ifdef HAVE_OPAQUE_STRUCTS
-    EVP_CIPHER * aes_ctr_cipher;
-    return make_ctr_evp(16, &aes_ctr_cipher, NID_aes_128_ctr);
+    if(!aes_128_ctr_cipher) {
+        return make_ctr_evp(16, &aes_128_ctr_cipher, NID_aes_128_ctr);
+    }
+    else {
+        return aes_128_ctr_cipher;
+    }
 #else
     static EVP_CIPHER aes_ctr_cipher;
     EVP_CIPHER * aes_ctr_cipher_ptr = &aes_ctr_cipher;
@@ -602,8 +610,12 @@ const EVP_CIPHER *
 _libssh2_EVP_aes_192_ctr(void)
 {
 #ifdef HAVE_OPAQUE_STRUCTS
-    EVP_CIPHER * aes_ctr_cipher;
-    return make_ctr_evp(24, &aes_ctr_cipher, NID_aes_192_ctr);
+    if(!aes_192_ctr_cipher) {
+        return make_ctr_evp(24, &aes_192_ctr_cipher, NID_aes_192_ctr);
+    }
+    else {
+        return aes_192_ctr_cipher;
+    }
 #else
     static EVP_CIPHER aes_ctr_cipher;
     EVP_CIPHER * aes_ctr_cipher_ptr = &aes_ctr_cipher;
@@ -615,8 +627,12 @@ const EVP_CIPHER *
 _libssh2_EVP_aes_256_ctr(void)
 {
 #ifdef HAVE_OPAQUE_STRUCTS
-    EVP_CIPHER * aes_ctr_cipher;
-    return make_ctr_evp(32, &aes_ctr_cipher, NID_aes_256_ctr);
+    if(!aes_256_ctr_cipher) {
+        return make_ctr_evp(32, &aes_256_ctr_cipher, NID_aes_256_ctr);
+    }
+    else {
+        return aes_256_ctr_cipher;
+    }
 #else
     static EVP_CIPHER aes_ctr_cipher;
     EVP_CIPHER * aes_ctr_cipher_ptr = &aes_ctr_cipher;
@@ -626,12 +642,6 @@ _libssh2_EVP_aes_256_ctr(void)
 
 #endif /* LIBSSH2_AES_CTR */
 
-#ifndef HAVE_EVP_AES_128_CTR
-static EVP_CIPHER * aes_128_ctr_cipher = NULL;
-static EVP_CIPHER * aes_192_ctr_cipher = NULL;
-static EVP_CIPHER * aes_256_ctr_cipher = NULL;
-#endif
-
 void _libssh2_openssl_crypto_init(void)
 {
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
@@ -649,7 +659,7 @@ void _libssh2_openssl_crypto_init(void)
     ENGINE_register_all_complete();
 #endif
 #endif
-#ifndef HAVE_EVP_AES_128_CTR
+#if LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR)
     if(!aes_128_ctr_cipher)
         aes_128_ctr_cipher = (EVP_CIPHER *) _libssh2_EVP_aes_128_ctr();
     if(!aes_192_ctr_cipher)
@@ -661,7 +671,7 @@ void _libssh2_openssl_crypto_init(void)
 
 void _libssh2_openssl_crypto_exit(void)
 {
-#ifndef HAVE_EVP_AES_128_CTR
+#if LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR)
 #ifdef HAVE_OPAQUE_STRUCTS
     if(aes_128_ctr_cipher) {
         EVP_CIPHER_meth_free(aes_128_ctr_cipher);