Skip to content

Commit

Permalink
Fix a possible memleak in bind_afalg
Browse files Browse the repository at this point in the history 
bind_afalg calls afalg_aes_cbc which allocates
cipher_handle->_hidden global object(s)
but if one of them fails due to out of memory,
the function bind_afalg relies on the engine destroy
method to be called.  But that does not happen
because the dynamic engine object is not destroyed
in the usual way in dynamic_load in this case:

If the bind_engine function fails, there will be no
further calls into the shared object.
See ./crypto/engine/eng_dyn.c near the comment:
/* Copy the original ENGINE structure back */

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #23409)
  • Loading branch information
@bernd-edlinger @mattcaswell
bernd-edlinger authored and mattcaswell committed Jan 31, 2024
1 parent 9170cc0 commit 729a149
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion engines/e_afalg.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -834,8 +834,10 @@ static int bind_helper(ENGINE *e, const char *id)
if (!afalg_chk_platform())
return 0;

if (!bind_afalg(e))
if (!bind_afalg(e)) {
afalg_destroy(e);
return 0;
}
return 1;
}

Expand Down

0 comments on commit 729a149

Please sign in to comment.