Skip to content

Commit

Permalink
Merge pull request #8499 from SparkiDev/crl_list_fix
Browse files Browse the repository at this point in the history 
CRL: fix memory allocation failure leaks
  • Loading branch information
@dgarske
dgarske authored Feb 25, 2025
2 parents 4eda5e1 + 6f268c4 commit bac6771
Show file tree
Hide file tree
Showing 5 changed files with 46 additions and 3 deletions.
34 changes: 32 additions & 2 deletions src/crl.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,13 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
WOLFSSL_MSG("Init Mutex failed");
return BAD_MUTEX_E;
}
#ifdef OPENSSL_ALL
{
int ret;
wolfSSL_RefInit(&crl->ref, &ret);
(void)ret;
}
#endif

return 0;
}
Expand Down Expand Up @@ -213,7 +220,7 @@ static void CRL_Entry_free(CRL_Entry* crle, void* heap)

WOLFSSL_ENTER("FreeCRL_Entry");

while (tmp) {
while (tmp != NULL) {
next = tmp->next;
XFREE(tmp, heap, DYNAMIC_TYPE_REVOKED);
tmp = next;
Expand Down Expand Up @@ -241,11 +248,24 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
{
CRL_Entry* tmp;

WOLFSSL_ENTER("FreeCRL");

if (crl == NULL)
return;

#ifdef OPENSSL_ALL
{
int ret;
int doFree = 0;
wolfSSL_RefDec(&crl->ref, &doFree, &ret);
if (ret != 0)
WOLFSSL_MSG("Couldn't lock x509 mutex");
if (!doFree)
return;
}
#endif

tmp = crl->crlList;
WOLFSSL_ENTER("FreeCRL");
#ifdef HAVE_CRL_MONITOR
if (crl->monitors[0].path)
XFREE(crl->monitors[0].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR);
Expand Down Expand Up @@ -916,9 +936,17 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap)

#ifndef CRL_STATIC_REVOKED_LIST
dupl->certs = DupRevokedCertList(ent->certs, heap);
if (ent->certs != NULL && dupl->certs == NULL) {
CRL_Entry_free(dupl, heap);
return NULL;
}
#endif
#ifdef OPENSSL_EXTRA
dupl->issuer = wolfSSL_X509_NAME_dup(ent->issuer);
if (ent->issuer != NULL && dupl->issuer == NULL) {
CRL_Entry_free(dupl, heap);
return NULL;
}
#endif

if (!ent->verified) {
Expand Down Expand Up @@ -1035,6 +1063,8 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl)
#endif

dupl->crlList = DupCRL_list(crl->crlList, dupl->heap);
if (dupl->crlList == NULL)
return MEMORY_E;
#ifdef HAVE_CRL_IO
dupl->crlIOCb = crl->crlIOCb;
#endif
Expand Down
5 changes: 5 additions & 0 deletions src/x509.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14092,6 +14092,11 @@ void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *obj)
if (obj->type == WOLFSSL_X509_LU_X509) {
wolfSSL_X509_free(obj->data.x509);
}
#ifdef HAVE_CRL
else if (obj->type == WOLFSSL_X509_LU_CRL) {
wolfSSL_X509_CRL_free(obj->data.crl);
}
#endif
else {
/* We don't free as this will point to
* store->cm->crl which we don't own */
Expand Down
6 changes: 6 additions & 0 deletions src/x509_str.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1912,6 +1912,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(

#ifdef HAVE_CRL
if (store->cm->crl != NULL) {
int res;
obj = wolfSSL_X509_OBJECT_new();
if (obj == NULL) {
WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error");
Expand All @@ -1923,6 +1924,11 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
goto err_cleanup;
}
obj->type = WOLFSSL_X509_LU_CRL;
wolfSSL_RefInc(&store->cm->crl->ref, &res);
if (res != 0) {
WOLFSSL_MSG("Failed to lock crl mutex");
goto err_cleanup;
}
obj->data.crl = store->cm->crl;
}
#endif
Expand Down
1 change: 0 additions & 1 deletion tests/api.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55756,7 +55756,6 @@ static int test_X509_STORE_get0_objects(void)
ExpectIntEQ(X509_STORE_add_crl(store_cpy, crl), WOLFSSL_SUCCESS);

ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(objCopy));
X509_CRL_free(crl);
break;
}
#endif
Expand Down
3 changes: 3 additions & 0 deletions wolfssl/internal.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2637,6 +2637,9 @@ struct WOLFSSL_CRL {
THREAD_TYPE tid; /* monitoring thread */
wolfSSL_CRL_mfd_t mfd;
int setup; /* thread is setup predicate */
#endif
#ifdef OPENSSL_ALL
wolfSSL_Ref ref;
#endif
void* heap; /* heap hint for dynamic memory */
};
Expand Down

0 comments on commit bac6771

Please sign in to comment.