Fix a possible memory leak in req_main #23365

bernd-edlinger · 2024-01-22T15:15:15Z

if the private key is output to stdout using the HARNESS_OSSL_PREFIX, out is a stack of BIOs and must therefore free'd using BIO_free_all.

Steps to reproduce:

$ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null [...]
Direct leak of 128 byte(s) in 1 object(s) allocated from:
#0 0x7f6f692b89cf in _interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202
#2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222
#3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83
#4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95
#5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014
#6 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3175
#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203
#8 0x555c5f528537 in req_main apps/req.c:683
#9 0x555c5f50e315 in do_cmd apps/openssl.c:426
#10 0x555c5f4c5575 in main apps/openssl.c:307
#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s).

Checklist

documentation is added or updated
tests are added or updated

if the private key is output to stdout using the HARNESS_OSSL_PREFIX, out is a stack of BIOs and must therefore free'd using BIO_free_all. Steps to reproduce: $ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null [...] Direct leak of 128 byte(s) in 1 object(s) allocated from: #0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69 openssl#1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202 openssl#2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222 openssl#3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83 openssl#4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95 openssl#5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014 openssl#6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175 openssl#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203 openssl#8 0x555c5f528537 in req_main apps/req.c:683 openssl#9 0x555c5f50e315 in do_cmd apps/openssl.c:426 openssl#10 0x555c5f4c5575 in main apps/openssl.c:307 openssl#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s).

openssl-machine · 2024-01-24T09:00:15Z

This pull request is ready to merge

t8m · 2024-01-24T10:56:21Z

Merged to the master, 3.2, 3.1 and 3.0 branches. Thank you for the contribution.

if the private key is output to stdout using the HARNESS_OSSL_PREFIX, out is a stack of BIOs and must therefore free'd using BIO_free_all. Steps to reproduce: $ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null [...] Direct leak of 128 byte(s) in 1 object(s) allocated from: #0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202 #2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222 #3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83 #4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95 #5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014 #6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175 #7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203 #8 0x555c5f528537 in req_main apps/req.c:683 #9 0x555c5f50e315 in do_cmd apps/openssl.c:426 #10 0x555c5f4c5575 in main apps/openssl.c:307 #11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s). Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #23365)

if the private key is output to stdout using the HARNESS_OSSL_PREFIX, out is a stack of BIOs and must therefore free'd using BIO_free_all. Steps to reproduce: $ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null [...] Direct leak of 128 byte(s) in 1 object(s) allocated from: #0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202 #2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222 #3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83 #4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95 #5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014 #6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175 #7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203 #8 0x555c5f528537 in req_main apps/req.c:683 #9 0x555c5f50e315 in do_cmd apps/openssl.c:426 #10 0x555c5f4c5575 in main apps/openssl.c:307 #11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s). Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #23365) (cherry picked from commit ff78d94)

if the private key is output to stdout using the HARNESS_OSSL_PREFIX, out is a stack of BIOs and must therefore free'd using BIO_free_all. Steps to reproduce: $ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null [...] Direct leak of 128 byte(s) in 1 object(s) allocated from: #0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69 openssl#1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202 openssl#2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222 openssl#3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83 openssl#4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95 openssl#5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014 openssl#6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175 openssl#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203 openssl#8 0x555c5f528537 in req_main apps/req.c:683 openssl#9 0x555c5f50e315 in do_cmd apps/openssl.c:426 openssl#10 0x555c5f4c5575 in main apps/openssl.c:307 openssl#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s). Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23365) (cherry picked from commit ff78d94)

if the private key is output to stdout using the HARNESS_OSSL_PREFIX, out is a stack of BIOs and must therefore free'd using BIO_free_all. Steps to reproduce: $ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null [...] Direct leak of 128 byte(s) in 1 object(s) allocated from: #0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202 #2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222 #3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83 #4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95 #5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014 #6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175 #7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203 #8 0x555c5f528537 in req_main apps/req.c:683 #9 0x555c5f50e315 in do_cmd apps/openssl.c:426 #10 0x555c5f4c5575 in main apps/openssl.c:307 #11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s). Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl/openssl#23365) (cherry picked from commit ff78d94b131d7bb3b761509d3ce0dd864b1420e3) Signed-off-by: hhhFun <[email protected]>

bernd-edlinger added branch: master Merge to master branch branch: 3.0 Merge to openssl-3.0 branch branch: 3.1 Merge to openssl-3.1 branch: 3.2 Merge to openssl-3.2 labels Jan 22, 2024

t8m added triaged: bug The issue/pr is/fixes a bug tests: exempted The PR is exempt from requirements for testing approval: review pending This pull request needs review by a committer approval: otc review pending This pull request needs review by an OTC member labels Jan 22, 2024

t8m approved these changes Jan 22, 2024

View reviewed changes

t8m removed the approval: otc review pending This pull request needs review by an OTC member label Jan 22, 2024

tom-cosgrove-arm approved these changes Jan 23, 2024

View reviewed changes

tom-cosgrove-arm added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Jan 23, 2024

openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Jan 24, 2024

t8m closed this Jan 24, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix a possible memory leak in req_main #23365

Fix a possible memory leak in req_main #23365

bernd-edlinger commented Jan 22, 2024

openssl-machine commented Jan 24, 2024

t8m commented Jan 24, 2024

Fix a possible memory leak in req_main #23365

Fix a possible memory leak in req_main #23365

Conversation

bernd-edlinger commented Jan 22, 2024

Checklist

openssl-machine commented Jan 24, 2024

t8m commented Jan 24, 2024