openssl

mirror of https://github.com/openssl/openssl.git synced 2024-12-09 05:51:54 +08:00

History

Bernd Edlinger be50862e72 Fix a memory leak in EC_GROUP_new_from_ecparameters This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2 #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x402f84 in my_malloc fuzz/test-corpus.c:114 #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 #6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503 #7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559 #8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814 #9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 #10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 #11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 #12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 #13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 #14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 #15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 #16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 #26 0x402afb in testfile fuzz/test-corpus.c:182 #27 0x402656 in main fuzz/test-corpus.c:226 #28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) #29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756) ================================================================= ==12221==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440 #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 #6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 #7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 #8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 #9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 #10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 #11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 #12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 #13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 #22 0x402afb in testfile fuzz/test-corpus.c:182 #23 0x402656 in main fuzz/test-corpus.c:226 #24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) Indirect leak of 56 byte(s) in 1 object(s) allocated from: #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 #6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 #7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 #8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 #9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 #10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 #11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 #12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 #13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 #14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 #23 0x402afb in testfile fuzz/test-corpus.c:182 #24 0x402656 in main fuzz/test-corpus.c:226 #25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/18633)		2022-06-25 07:20:33 +02:00
..
aes	add build support for riscv64 aes zkn	2022-06-10 11:45:41 +02:00
aria	Change loops conditions to make zero loop risk more obvious.	2022-05-24 14:11:20 +10:00
asn1	crypto/asn1/a_time.c: Add check for OPENSSL_malloc	2022-06-17 08:51:11 +02:00
async	Update copyright year	2022-05-03 13:34:51 +01:00
bf	Rename x86-32 assembly files from .s to .S.	2022-05-24 13:16:06 +10:00
bio	Don't include sys/select.h on HP-UX as it doesn't exist	2022-05-27 08:05:48 +02:00
bn	rsa: fix bn_reduce_once_in_place call for rsaz_mod_exp_avx512_x2	2022-06-23 12:51:36 +10:00
buffer
camellia	Rename x86-32 assembly files from .s to .S.	2022-05-24 13:16:06 +10:00
cast	Rename x86-32 assembly files from .s to .S.	2022-05-24 13:16:06 +10:00
chacha	Optimize chacha20 on aarch64 by SVE2	2022-06-22 17:07:17 +10:00
cmac	Fix the incorrect checks of EVP_CIPHER_CTX_set_key_length	2022-05-27 07:57:43 +02:00
cmp	Remove duplicated #include headers	2022-05-04 13:46:10 +10:00
cms	Fix the checks of BIO_get_cipher_status	2022-06-02 10:36:56 -04:00
comp
conf	CONF_modules_unload should fail if CONF_modules_finish fails	2022-06-06 08:53:38 +02:00
crmf	crmf_lib.c: Make sure Ed signature for POPO is called without digest	2022-05-05 09:52:27 +02:00
ct	CTLOG_new_ex: Fix copy&paste error when setting propq	2022-06-02 12:08:12 +02:00
des	Rename x86-32 assembly files from .s to .S.	2022-05-24 13:16:06 +10:00
dh	Add sensitive memory clean in priv encode	2022-06-16 15:15:36 +10:00
dsa	Add sensitive memory clean in priv encode	2022-06-16 15:15:36 +10:00
dso	Update copyright year	2022-05-03 13:34:51 +01:00
ec	Fix a memory leak in EC_GROUP_new_from_ecparameters	2022-06-25 07:20:33 +02:00
encode_decode	Check return value of ossl_parse_property()	2022-06-06 09:44:53 +02:00
engine	Add deprecation macro for 3.1 and deprecate OPENSSL_LH_stats	2022-06-22 09:36:14 +02:00
err	RSA keygen update: Raise an error if no prime candidate q is found.	2022-06-13 10:56:31 +02:00
ess
evp	Fix a mem leak in evp_pkey_export_to_provider	2022-06-15 10:53:04 -04:00
ffc	Update copyright year	2022-05-03 13:34:51 +01:00
hmac
http	crypto/http/http_client.c: Add the check for OPENSSL_strdup	2022-06-23 12:35:09 +02:00
idea
kdf
lhash	Add deprecation macro for 3.1 and deprecate OPENSSL_LH_stats	2022-06-22 09:36:14 +02:00
md2
md4
md5	Rename x86-32 assembly files from .s to .S.	2022-05-24 13:16:06 +10:00
mdc2
modes	Change loops conditions to make zero loop risk more obvious.	2022-05-24 14:11:20 +10:00
objects	Add deprecation macro for 3.1 and deprecate OPENSSL_LH_stats	2022-06-22 09:36:14 +02:00
ocsp	Update copyright year	2022-05-03 13:34:51 +01:00
pem	Update copyright year	2022-05-03 13:34:51 +01:00
perlasm	x86asm: Generate endbr32 based on __CET__.	2022-05-24 13:16:06 +10:00
pkcs7	Revert unnecessary PKCS7_verify() performance optimization	2022-06-02 18:41:49 +02:00
pkcs12	Update copyright year	2022-05-03 13:34:51 +01:00
poly1305	Generate the preprocessed .s files for chacha and poly 1305 on ia64	2022-05-27 08:10:49 +02:00
property	put_str: Use memcpy instead of strncpy	2022-06-23 15:44:19 +02:00
rand	Clarify use of EGD for HPNS in rand/rand_egd.c comments.	2022-06-17 09:28:19 +10:00
rc2
rc4	Rename x86-32 assembly files from .s to .S.	2022-05-24 13:16:06 +10:00
rc5	Rename x86-32 assembly files from .s to .S.	2022-05-24 13:16:06 +10:00
ripemd	Rename x86-32 assembly files from .s to .S.	2022-05-24 13:16:06 +10:00
rsa	Add sensitive memory clean in priv encode	2022-06-16 15:15:36 +10:00
seed
sha	Rename x86-32 assembly files from .s to .S.	2022-05-24 13:16:06 +10:00
siphash	Update copyright year	2022-05-03 13:34:51 +01:00
sm2	Remove duplicated #include headers	2022-05-04 13:46:10 +10:00
sm3	Add ROTATE inline asm support for SM3	2022-06-22 12:46:50 +02:00
sm4	Update copyright year	2022-05-03 13:34:51 +01:00
srp
stack
store	Add deprecation macro for 3.1 and deprecate OPENSSL_LH_stats	2022-06-22 09:36:14 +02:00
ts	Update copyright year	2022-05-03 13:34:51 +01:00
txt_db
ui	Fix the check of UI_method_set_ex_data	2022-05-27 07:57:43 +02:00
whrlpool	Rename x86-32 assembly files from .s to .S.	2022-05-24 13:16:06 +10:00
x509	Fix the checks of X509_LOOKUP_* functions	2022-06-23 12:42:25 +02:00
alphacpuid.pl
arm64cpuid.pl	Update copyright year	2022-05-03 13:34:51 +01:00
arm_arch.h	Apply the AES-GCM unroll8 optimization patch to Neoverse N2	2022-05-23 11:05:51 +10:00
armcap.c	Apply the AES-GCM unroll8 optimization patch to Neoverse N2	2022-05-23 11:05:51 +10:00
armv4cpuid.pl
asn1_dsa.c
bsearch.c
build.info	QUIC wire format support	2022-05-27 08:00:52 +02:00
c64xpluscpuid.pl
context.c	Update copyright year	2022-05-03 13:34:51 +01:00
core_algorithm.c	Refactor method construction pre- and post-condition	2022-05-05 15:05:54 +02:00
core_fetch.c	Always try to construct methods as new provider might be added	2022-05-12 08:28:12 +02:00
core_namemap.c	Add deprecation macro for 3.1 and deprecate OPENSSL_LH_stats	2022-06-22 09:36:14 +02:00
cpt_err.c	err: add additional errors	2022-01-12 20:10:21 +11:00
cpuid.c	Update copyright year	2022-05-03 13:34:51 +01:00
cryptlib.c	Update copyright year	2022-05-03 13:34:51 +01:00
ctype.c	tolower: refine the tolower code to avoid a memory access	2022-05-23 09:51:28 +10:00
cversion.c
der_writer.c
dllmain.c	Update copyright year	2022-05-03 13:34:51 +01:00
ebcdic.c
ex_data.c
getenv.c	Update copyright year	2022-05-03 13:34:51 +01:00
ia64cpuid.S
info.c	Update copyright year	2022-05-03 13:34:51 +01:00
init.c	Avoid reusing the init_lock for a different purpose	2022-06-15 09:45:51 +02:00
initthread.c	Update copyright year	2022-05-03 13:34:51 +01:00
LPdir_nyi.c
LPdir_unix.c	Update copyright year	2022-05-03 13:34:51 +01:00
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_sec.c	Update copyright year	2022-05-03 13:34:51 +01:00
mem.c	Update copyright year	2022-05-03 13:34:51 +01:00
mips_arch.h
o_dir.c	Update copyright year	2022-05-03 13:34:51 +01:00
o_fopen.c	Update copyright year	2022-05-03 13:34:51 +01:00
o_init.c	Update copyright year	2022-05-03 13:34:51 +01:00
o_str.c	strcasecmp: implement strcasecmp and strncasecmp	2022-05-23 09:51:28 +10:00
o_time.c
packet.c	QUIC wire format support	2022-05-27 08:00:52 +02:00
param_build_set.c	Update copyright year	2022-05-03 13:34:51 +01:00
param_build.c	Update copyright year	2022-05-03 13:34:51 +01:00
params_dup.c	Update copyright year	2022-05-03 13:34:51 +01:00
params_from_text.c	Allow sign extension in OSSL_PARAM_allocate_from_text()	2021-11-24 19:18:19 +01:00
params.c	Update copyright year	2022-05-03 13:34:51 +01:00
pariscid.pl
passphrase.c	Update copyright year	2022-05-03 13:34:51 +01:00
ppccap.c	Update copyright year	2022-05-03 13:34:51 +01:00
ppccpuid.pl	Update copyright year	2022-05-03 13:34:51 +01:00
provider_child.c	For child libctx / provider, don't count self-references in parent	2022-05-05 15:06:11 +02:00
provider_conf.c	Update copyright year	2022-05-03 13:34:51 +01:00
provider_core.c	Avoid including decoder/encoder/store headers into fips module	2022-06-24 08:26:42 +02:00
provider_local.h
provider_predefined.c
provider.c
punycode.c
quic_vlint.c	QUIC wire format support	2022-05-27 08:00:52 +02:00
README-sparse_array.md
riscv64cpuid.pl	Add basic RISC-V cpuid and OPENSSL_riscvcap	2022-05-19 16:32:49 +10:00
riscvcap.c	Add basic RISC-V cpuid and OPENSSL_riscvcap	2022-05-19 16:32:49 +10:00
s390x_arch.h	Update copyright year	2022-05-03 13:34:51 +01:00
s390xcap.c	s390: Add new machine generation	2022-04-12 13:04:57 +02:00
s390xcpuid.pl
self_test_core.c	Update copyright year	2022-05-03 13:34:51 +01:00
sparccpuid.S
sparcv9cap.c
sparse_array.c	Update copyright year	2022-05-03 13:34:51 +01:00
threads_lib.c
threads_none.c
threads_pthread.c	Update copyright year	2022-05-03 13:34:51 +01:00
threads_win.c
trace.c	http_client.c: Dump response on error when tracing is enabled	2022-05-30 22:43:44 +02:00
uid.c
vms_rms.h
x86_64cpuid.pl
x86cpuid.pl