There is a memory leak vulnerability at line 250 in the /openssl/crypto/pkcs12/p12_crt.c file. #24453

Closed
LuMingYinDetect opened this issue May 22, 2024 · 0 comments
Labels
branch: master Merge to master branch branch: 3.0 Merge to openssl-3.0 branch branch: 3.1 Merge to openssl-3.1 branch: 3.2 Merge to openssl-3.2 branch: 3.3 Merge to openssl-3.3 help wanted triaged: bug The issue/pr is/fixes a bug

Comments

@LuMingYinDetect

At line 244 in the /openssl/crypto/pkcs12/p12_crt.c file, a pointer variable named p8 is defined. At line 247, the EVP_PKEY2PKCS8 function allocates a dynamic memory area for this variable. If the if statement at line 247 returns false, it indicates that the dynamic memory allocation for p8 was successful. When the if statement at line 249 returns true, the program will jump to the err label via a goto statement at line 250. During this process, the dynamic memory area pointed to by p8 is neither freed, as it is in line 254, nor is it freed in the err label, leading to a memory leak vulnerability, as illustrated below (note that the marked paths in the diagram do not match my description; refer to my description for accuracy):
https://github.com/LuMingYinDetect/openssl_defects/blob/main/openssl_25.png
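
The error-path pattern the report describes, reduced to a self-contained model; this is an added example, not OpenSSL's code and not the merged patch. `key_info`, the fixed pool, `live_objects` and the `add_key_*` functions are constructed stand-ins, and `usage < 0` stands in for the later step failing after the allocation succeeded.

```c
#include <stddef.h>

/* Constructed stand-ins for illustration; not OpenSSL types or functions. */
#define SLOTS 4
typedef struct { int in_use; int usage; } key_info;
static key_info pool[SLOTS];        /* fixed pool so leaks can be counted */
static key_info *key_info_new(void)
{
    for (int i = 0; i < SLOTS; i++)
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            return &pool[i];
        }
    return NULL;                    /* pool exhausted */
}
static void key_info_free(key_info *p)   /* NULL-safe, like free() */
{
    if (p != NULL)
        p->in_use = 0;
}
int live_objects(void)              /* objects allocated and not released */
{
    int n = 0;
    for (int i = 0; i < SLOTS; i++)
        n += pool[i].in_use;
    return n;
}
int add_key_leaky(int usage)        /* leaky: err label never releases p8 */
{
    key_info *p8 = NULL;
    if ((p8 = key_info_new()) == NULL)
        goto err;
    if (usage < 0)                  /* stand-in for a later step failing */
        goto err;                   /* p8 is still owned here and is lost */
    p8->usage = usage;
    key_info_free(p8);              /* only the success path releases p8 */
    return 1;
 err:
    return 0;
}
int add_key_fixed(int usage)        /* fixed: one release on every exit */
{
    key_info *p8 = key_info_new();
    int ok = (p8 != NULL && usage >= 0);
    if (ok)
        p8->usage = usage;
    key_info_free(p8);
    return ok;
}
```

Each failing call to `add_key_leaky` strands one slot; after `SLOTS` such calls the pool is exhausted and even valid requests fail, which is how a leak on an error path becomes a denial-of-service concern.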

@LuMingYinDetect LuMingYinDetect added the issue: bug report The issue was opened to report a bug label May 22, 2024
Sashan added a commit to Sashan/openssl that referenced this issue May 22, 2024
function must make sure memory allocated for `p8`
gets freed in error path. Issue reported by LuMingYinDetect

Fixes openssl#24453
@t8m t8m added branch: master Merge to master branch triaged: bug The issue/pr is/fixes a bug branch: 3.0 Merge to openssl-3.0 branch branch: 3.1 Merge to openssl-3.1 branch: 3.2 Merge to openssl-3.2 branch: 3.3 Merge to openssl-3.3 and removed issue: bug report The issue was opened to report a bug labels May 22, 2024
Sashan added a commit to Sashan/openssl that referenced this issue Jun 12, 2024
function must make sure memory allocated for `p8`
gets freed in error path. Issue reported by LuMingYinDetect

Fixes openssl#24453
Sashan added a commit to Sashan/openssl that referenced this issue Jun 17, 2024
function must make sure memory allocated for `p8`
gets freed in error path. Issue reported by LuMingYinDetect

Fixes openssl#24453
openssl-machine pushed a commit that referenced this issue Jun 18, 2024
function must make sure memory allocated for `p8`
gets freed in error path. Issue reported by LuMingYinDetect

Fixes #24453

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from #24456)
bernd-edlinger pushed a commit to bernd-edlinger/openssl that referenced this issue Jun 21, 2024
function must make sure memory allocated for `p8`
gets freed in error path. Issue reported by LuMingYinDetect

Fixes openssl#24453

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from openssl#24456)