Skip to content

CRL: fix memory allocation failure leaks #8499

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dgarske merged 1 commit into from
Feb 25, 2025
Merged

CRL: fix memory allocation failure leaks #8499

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 32 additions & 2 deletions src/crl.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,13 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
WOLFSSL_MSG("Init Mutex failed");
return BAD_MUTEX_E;
}
#ifdef OPENSSL_ALL
{
int ret;
wolfSSL_RefInit(&crl->ref, &ret);
(void)ret;
}
#endif

return 0;
}
Expand Down Expand Up @@ -213,7 +220,7 @@ static void CRL_Entry_free(CRL_Entry* crle, void* heap)

WOLFSSL_ENTER("FreeCRL_Entry");

while (tmp) {
while (tmp != NULL) {
next = tmp->next;
XFREE(tmp, heap, DYNAMIC_TYPE_REVOKED);
tmp = next;
Expand Down Expand Up @@ -241,11 +248,24 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
{
CRL_Entry* tmp;

WOLFSSL_ENTER("FreeCRL");

if (crl == NULL)
return;

#ifdef OPENSSL_ALL
{
int ret;
int doFree = 0;
wolfSSL_RefDec(&crl->ref, &doFree, &ret);
if (ret != 0)
WOLFSSL_MSG("Couldn't lock x509 mutex");
if (!doFree)
return;
}
#endif

tmp = crl->crlList;
WOLFSSL_ENTER("FreeCRL");
#ifdef HAVE_CRL_MONITOR
if (crl->monitors[0].path)
XFREE(crl->monitors[0].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR);
Expand Down Expand Up @@ -916,9 +936,17 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)

#ifndef CRL_STATIC_REVOKED_LIST
dupl->certs = DupRevokedCertList(ent->certs, heap);
if (ent->certs != NULL && dupl->certs == NULL) {
CRL_Entry_free(dupl, heap);
return NULL;
}
#endif
#ifdef OPENSSL_EXTRA
dupl->issuer = wolfSSL_X509_NAME_dup(ent->issuer);
if (ent->issuer != NULL && dupl->issuer == NULL) {
CRL_Entry_free(dupl, heap);
return NULL;
}
#endif

if (!ent->verified) {
Expand Down Expand Up @@ -1035,6 +1063,8 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl)
#endif

dupl->crlList = DupCRL_list(crl->crlList, dupl->heap);
if (dupl->crlList == NULL)
return MEMORY_E;
#ifdef HAVE_CRL_IO
dupl->crlIOCb = crl->crlIOCb;
#endif
Expand Down
5 changes: 5 additions & 0 deletions src/x509.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14092,6 +14092,11 @@ void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *obj)
if (obj->type == WOLFSSL_X509_LU_X509) {
wolfSSL_X509_free(obj->data.x509);
}
#ifdef HAVE_CRL
else if (obj->type == WOLFSSL_X509_LU_CRL) {
wolfSSL_X509_CRL_free(obj->data.crl);
}
#endif
else {
/* We don't free as this will point to
* store->cm->crl which we don't own */
Expand Down
6 changes: 6 additions & 0 deletions src/x509_str.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1912,6 +1912,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(

#ifdef HAVE_CRL
if (store->cm->crl != NULL) {
int res;
obj = wolfSSL_X509_OBJECT_new();
if (obj == NULL) {
WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error");
Expand All @@ -1923,6 +1924,11 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
goto err_cleanup;
}
obj->type = WOLFSSL_X509_LU_CRL;
wolfSSL_RefInc(&store->cm->crl->ref, &res);
if (res != 0) {
WOLFSSL_MSG("Failed to lock crl mutex");
goto err_cleanup;
}
obj->data.crl = store->cm->crl;
}
#endif
Expand Down
1 change: 0 additions & 1 deletion tests/api.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55756,7 +55756,6 @@ static int test_X509_STORE_get0_objects(void)
ExpectIntEQ(X509_STORE_add_crl(store_cpy, crl), WOLFSSL_SUCCESS);

ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(objCopy));
X509_CRL_free(crl);
break;
}
#endif
Expand Down
3 changes: 3 additions & 0 deletions wolfssl/internal.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2637,6 +2637,9 @@ struct WOLFSSL_CRL {
THREAD_TYPE tid; /* monitoring thread */
wolfSSL_CRL_mfd_t mfd;
int setup; /* thread is setup predicate */
#endif
#ifdef OPENSSL_ALL
wolfSSL_Ref ref;
#endif
void* heap; /* heap hint for dynamic memory */
};
Expand Down