Skip to content
Permalink
Browse files

Fix memory leakage in _libssh2_EVP_aes_128_ctr

This patch fix the memory leakage when _libssh2_cipher_init calls _libssh2_EVP_aes_128_ctr. full backtrace is as below:
_libssh2_EVP_aes_128_ctr() Line 594 C
_libssh2_cipher_init(evp_cipher_ctx_st * * h, const evp_cipher_st ()() algo, unsigned char * iv, unsigned char * secret, int encrypt) Line 408 C
crypt_init(_LIBSSH2_SESSION * session, const _LIBSSH2_CRYPT_METHOD * method, unsigned char * iv, int * free_iv, unsigned char * secret, int * free_secret, int encrypt, void * * abstract) Line 88 C
ecdh_sha2_nistp(_LIBSSH2_SESSION * session, libssh2_curve_type type, unsigned char * data, unsigned int data_len, unsigned char * public_key, unsigned int public_key_len, ec_key_st * private_key, kmdhgGPshakex_state_t * exchange_state) Line 2344 C
kex_method_ecdh_key_exchange(_LIBSSH2_SESSION * session, key_exchange_state_low_t * key_state) Line 2607 C
_libssh2_kex_exchange(_LIBSSH2_SESSION * session, int reexchange, key_exchange_state_t * key_state) Line 4149 C
session_startup(_LIBSSH2_SESSION * session, unsigned int sock) Line 739 C
libssh2_session_handshake(_LIBSSH2_SESSION * session, unsigned int sock) Line 827 C
main(int argc, char * * argv) Line 142 C
  • Loading branch information...
Jun Zeng
Jun Zeng committed Oct 9, 2019
1 parent 336bd86 commit b509bcfd99c633a154d1c67bc8dc5e869112c216
Showing with 24 additions and 14 deletions.
  1. +24 −14 src/openssl.c
@@ -445,6 +445,10 @@ typedef struct
unsigned char ctr[AES_BLOCK_SIZE];
} aes_ctr_ctx;

static EVP_CIPHER *aes_128_ctr_cipher = NULL;
static EVP_CIPHER *aes_192_ctr_cipher = NULL;
static EVP_CIPHER *aes_256_ctr_cipher = NULL;

static int
aes_ctr_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc) /* init key */
@@ -589,8 +593,12 @@ const EVP_CIPHER *
_libssh2_EVP_aes_128_ctr(void)
{
#ifdef HAVE_OPAQUE_STRUCTS
EVP_CIPHER * aes_ctr_cipher;
return make_ctr_evp(16, &aes_ctr_cipher, NID_aes_128_ctr);
if(!aes_128_ctr_cipher) {
return make_ctr_evp(16, &aes_128_ctr_cipher, NID_aes_128_ctr);
}
else {
return aes_128_ctr_cipher;
}
#else
static EVP_CIPHER aes_ctr_cipher;
EVP_CIPHER * aes_ctr_cipher_ptr = &aes_ctr_cipher;
@@ -602,8 +610,12 @@ const EVP_CIPHER *
_libssh2_EVP_aes_192_ctr(void)
{
#ifdef HAVE_OPAQUE_STRUCTS
EVP_CIPHER * aes_ctr_cipher;
return make_ctr_evp(24, &aes_ctr_cipher, NID_aes_192_ctr);
if(!aes_192_ctr_cipher) {
return make_ctr_evp(24, &aes_192_ctr_cipher, NID_aes_192_ctr);
}
else {
return aes_192_ctr_cipher;
}
#else
static EVP_CIPHER aes_ctr_cipher;
EVP_CIPHER * aes_ctr_cipher_ptr = &aes_ctr_cipher;
@@ -615,8 +627,12 @@ const EVP_CIPHER *
_libssh2_EVP_aes_256_ctr(void)
{
#ifdef HAVE_OPAQUE_STRUCTS
EVP_CIPHER * aes_ctr_cipher;
return make_ctr_evp(32, &aes_ctr_cipher, NID_aes_256_ctr);
if(!aes_256_ctr_cipher) {
return make_ctr_evp(32, &aes_256_ctr_cipher, NID_aes_256_ctr);
}
else {
return aes_256_ctr_cipher;
}
#else
static EVP_CIPHER aes_ctr_cipher;
EVP_CIPHER * aes_ctr_cipher_ptr = &aes_ctr_cipher;
@@ -626,12 +642,6 @@ _libssh2_EVP_aes_256_ctr(void)

#endif /* LIBSSH2_AES_CTR */

#ifndef HAVE_EVP_AES_128_CTR
static EVP_CIPHER * aes_128_ctr_cipher = NULL;
static EVP_CIPHER * aes_192_ctr_cipher = NULL;
static EVP_CIPHER * aes_256_ctr_cipher = NULL;
#endif

void _libssh2_openssl_crypto_init(void)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
@@ -649,7 +659,7 @@ void _libssh2_openssl_crypto_init(void)
ENGINE_register_all_complete();
#endif
#endif
#ifndef HAVE_EVP_AES_128_CTR
#if LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR)
if(!aes_128_ctr_cipher)
aes_128_ctr_cipher = (EVP_CIPHER *) _libssh2_EVP_aes_128_ctr();
if(!aes_192_ctr_cipher)
@@ -661,7 +671,7 @@ void _libssh2_openssl_crypto_init(void)

void _libssh2_openssl_crypto_exit(void)
{
#ifndef HAVE_EVP_AES_128_CTR
#if LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR)
#ifdef HAVE_OPAQUE_STRUCTS
if(aes_128_ctr_cipher) {
EVP_CIPHER_meth_free(aes_128_ctr_cipher);

0 comments on commit b509bcf

Please sign in to comment.
You can’t perform that action at this time.