openssl/crypto/ec
Bernd Edlinger be50862e72 Fix a memory leak in EC_GROUP_new_from_ecparameters
This can be reproduced with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
    #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
    #1 0x402f84 in my_malloc fuzz/test-corpus.c:114
    #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
    #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
    #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
    #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
    #6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
    #7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
    #8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
    #9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
    #10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
    #11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
    #12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
    #13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
    #14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
    #15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
    #16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
    #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    #21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    #24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    #25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
    #26 0x402afb in testfile fuzz/test-corpus.c:182
    #27 0x402656 in main fuzz/test-corpus.c:226
    #28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #29 0x402756  (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)

=================================================================
==12221==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
    #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
    #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
    #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
    #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
    #6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
    #7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
    #8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
    #9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
    #10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
    #11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
    #12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
    #13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    #14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    #17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    #20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    #21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
    #22 0x402afb in testfile fuzz/test-corpus.c:182
    #23 0x402656 in main fuzz/test-corpus.c:226
    #24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

Indirect leak of 56 byte(s) in 1 object(s) allocated from:
    #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
    #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
    #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
    #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
    #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
    #6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
    #7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
    #8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
    #9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
    #10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
    #11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
    #12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
    #13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
    #14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    #15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
    #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
    #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
    #20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
    #21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
    #22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
    #23 0x402afb in testfile fuzz/test-corpus.c:182
    #24 0x402656 in main fuzz/test-corpus.c:226
    #25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/18633)
2022-06-25 07:20:33 +02:00
asm Apply the correct Apache v2 license 2022-02-14 10:08:21 +01:00
curve448 Update copyright year 2022-05-03 13:34:51 +01:00
build.info Rename x86-32 assembly files from .s to .S. 2022-05-24 13:16:06 +10:00
curve25519.c Update copyright year 2022-05-03 13:34:51 +01:00
ec2_oct.c Update copyright year 2022-05-03 13:34:51 +01:00
ec2_smpl.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
ec_ameth.c Add sensitive memory clean in priv encode 2022-06-16 15:15:36 +10:00
ec_asn1.c Fix a memory leak in EC_GROUP_new_from_ecparameters 2022-06-25 07:20:33 +02:00
ec_backend.c The flag "decoded-from-explicit" must be imp/exportable 2022-06-23 15:47:15 +02:00
ec_check.c Update copyright year 2021-03-11 13:27:36 +00:00
ec_curve.c [ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID 2021-08-30 15:18:19 +03:00
ec_cvt.c Update copyright year 2021-03-11 13:27:36 +00:00
ec_deprecated.c Fix incorrect return check of BN_bn2binpad 2021-11-08 08:53:02 +10:00
ec_err.c Add error code for unsupported explicit parameters 2022-04-14 08:51:18 +02:00
ec_key.c Fix a memory leak in ec_key_simple_oct2priv 2022-05-24 11:30:42 +02:00
ec_kmeth.c fips module header inclusion fine-tuning 2021-07-06 10:52:27 +10:00
ec_lib.c The flag "decoded-from-explicit" must be imp/exportable 2022-06-23 15:47:15 +02:00
ec_local.h ec: Fail build on big-endian with enable-ec_nistp_64_gcc_128 2021-06-22 18:27:29 +10:00
ec_mult.c ec: remove TODOs 2021-06-02 16:30:15 +10:00
ec_oct.c Update copyright year 2021-03-11 13:27:36 +00:00
ec_pmeth.c Update our EVP_PKEY_METHODs to get low level keys via public APIs 2021-07-22 13:52:46 +02:00
ec_print.c EC_POINT_hex2point: forget to free pt 2021-12-16 12:40:05 +01:00
ecdh_kdf.c Rename all getters to use get/get0 in name 2021-06-01 12:40:00 +02:00
ecdh_ossl.c Update copyright year 2021-03-11 13:27:36 +00:00
ecdsa_ossl.c add zero strength arguments to BN and RAND RNG calls 2021-05-29 17:17:12 +10:00
ecdsa_sign.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
ecdsa_vrf.c Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call 2020-11-13 09:35:02 +01:00
eck_prn.c Update copyright year 2021-01-28 13:54:57 +01:00
ecp_mont.c Update copyright year 2021-03-11 13:27:36 +00:00
ecp_nist.c Update copyright year 2021-03-11 13:27:36 +00:00
ecp_nistp224.c Rework and make DEBUG macros consistent. 2021-05-28 10:04:31 +02:00
ecp_nistp256.c Rework and make DEBUG macros consistent. 2021-05-28 10:04:31 +02:00
ecp_nistp521.c ppccap.c: Split out algorithm-specific functions 2021-06-25 08:49:45 +01:00
ecp_nistputil.c Update copyright year 2021-03-11 13:27:36 +00:00
ecp_nistz256_table.c Following the license change, modify the boilerplates in crypto/ec/ 2018-12-06 14:51:47 +01:00
ecp_nistz256.c Update copyright year 2022-05-03 13:34:51 +01:00
ecp_oct.c Replace some of the ERR_clear_error() calls with mark calls 2021-05-13 19:26:06 +02:00
ecp_ppc.c ppccap.c: Split out algorithm-specific functions 2021-06-25 08:49:45 +01:00
ecp_s390x_nistp.c Update copyright year 2022-05-03 13:34:51 +01:00
ecp_smpl.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
ecx_backend.c Don't create an ECX key with short keys 2021-11-16 13:21:06 +00:00
ecx_backend.h Fix the KEYNID2TYPE macro 2020-05-04 09:30:55 +01:00
ecx_key.c Do not allow creating empty RSA keys by duplication 2021-04-15 09:23:18 +02:00
ecx_meth.c Fix possible null pointer dereference of evp_pkey_get_legacy() 2022-06-02 12:06:08 +02:00
ecx_s390x.c Update copyright year 2020-04-23 13:55:52 +01:00