openssl/crypto/conf/conf_api.c
Bernd Edlinger 19b30f1c59 Fix another memory leak reported in CIFuzz
Direct leak of 2 byte(s) in 1 object(s) allocated from:
    #0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
    #1 0x57acd9 in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12
    #2 0x57e106 in CRYPTO_strdup /src/openssl/crypto/o_str.c:24:11
    #3 0x5c139f in def_load_bio /src/openssl/crypto/conf/conf_def.c:427:45
    #4 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12
    #5 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5
    #6 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12
    #7 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp
    #8 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #9 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp
    #10 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #11 0x7f15336bf0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16813)
2021-10-14 14:57:00 +02:00

215 lines
5.3 KiB
C

/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* Part of the code in here was originally in conf.c, which is now removed */
#include "e_os.h"
#include "internal/cryptlib.h"
#include <stdlib.h>
#include <string.h>
#include <openssl/conf.h>
#include <openssl/conf_api.h>
#include "conf_local.h"
static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf);
static void value_free_stack_doall(CONF_VALUE *a);
CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
{
CONF_VALUE vv;
if (conf == NULL || section == NULL)
return NULL;
vv.name = NULL;
vv.section = (char *)section;
return conf->data != NULL ? lh_CONF_VALUE_retrieve(conf->data, &vv) : NULL;
}
STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
const char *section)
{
CONF_VALUE *v;
v = _CONF_get_section(conf, section);
if (v == NULL)
return NULL;
return ((STACK_OF(CONF_VALUE) *)v->value);
}
int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
{
CONF_VALUE *v = NULL;
STACK_OF(CONF_VALUE) *ts;
ts = (STACK_OF(CONF_VALUE) *)section->value;
value->section = section->section;
if (!sk_CONF_VALUE_push(ts, value))
return 0;
v = lh_CONF_VALUE_insert(conf->data, value);
if (v != NULL) {
(void)sk_CONF_VALUE_delete_ptr(ts, v);
OPENSSL_free(v->name);
OPENSSL_free(v->value);
OPENSSL_free(v);
}
return 1;
}
char *_CONF_get_string(const CONF *conf, const char *section,
const char *name)
{
CONF_VALUE *v, vv;
char *p;
if (name == NULL)
return NULL;
if (conf == NULL)
return ossl_safe_getenv(name);
if (conf->data == NULL)
return NULL;
if (section != NULL) {
vv.name = (char *)name;
vv.section = (char *)section;
v = lh_CONF_VALUE_retrieve(conf->data, &vv);
if (v != NULL)
return v->value;
if (strcmp(section, "ENV") == 0) {
p = ossl_safe_getenv(name);
if (p != NULL)
return p;
}
}
vv.section = "default";
vv.name = (char *)name;
v = lh_CONF_VALUE_retrieve(conf->data, &vv);
if (v == NULL)
return NULL;
return v->value;
}
static unsigned long conf_value_hash(const CONF_VALUE *v)
{
return (OPENSSL_LH_strhash(v->section) << 2) ^ OPENSSL_LH_strhash(v->name);
}
static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b)
{
int i;
if (a->section != b->section) {
i = strcmp(a->section, b->section);
if (i != 0)
return i;
}
if (a->name != NULL && b->name != NULL)
return strcmp(a->name, b->name);
if (a->name == b->name)
return 0;
return (a->name == NULL) ? -1 : 1;
}
int _CONF_new_data(CONF *conf)
{
if (conf == NULL)
return 0;
if (conf->data == NULL) {
conf->data = lh_CONF_VALUE_new(conf_value_hash, conf_value_cmp);
if (conf->data == NULL)
return 0;
}
return 1;
}
typedef LHASH_OF(CONF_VALUE) LH_CONF_VALUE;
IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, LH_CONF_VALUE);
void _CONF_free_data(CONF *conf)
{
if (conf == NULL)
return;
OPENSSL_free(conf->includedir);
if (conf->data == NULL)
return;
/* evil thing to make sure the 'OPENSSL_free()' works as expected */
lh_CONF_VALUE_set_down_load(conf->data, 0);
lh_CONF_VALUE_doall_LH_CONF_VALUE(conf->data, value_free_hash, conf->data);
/*
* We now have only 'section' entries in the hash table. Due to problems
* with
*/
lh_CONF_VALUE_doall(conf->data, value_free_stack_doall);
lh_CONF_VALUE_free(conf->data);
}
static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf)
{
if (a->name != NULL)
(void)lh_CONF_VALUE_delete(conf, a);
}
static void value_free_stack_doall(CONF_VALUE *a)
{
CONF_VALUE *vv;
STACK_OF(CONF_VALUE) *sk;
int i;
if (a->name != NULL)
return;
sk = (STACK_OF(CONF_VALUE) *)a->value;
for (i = sk_CONF_VALUE_num(sk) - 1; i >= 0; i--) {
vv = sk_CONF_VALUE_value(sk, i);
OPENSSL_free(vv->value);
OPENSSL_free(vv->name);
OPENSSL_free(vv);
}
sk_CONF_VALUE_free(sk);
OPENSSL_free(a->section);
OPENSSL_free(a);
}
CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
{
STACK_OF(CONF_VALUE) *sk = NULL;
int i;
CONF_VALUE *v = NULL, *vv;
if ((sk = sk_CONF_VALUE_new_null()) == NULL)
goto err;
if ((v = OPENSSL_malloc(sizeof(*v))) == NULL)
goto err;
i = strlen(section) + 1;
if ((v->section = OPENSSL_malloc(i)) == NULL)
goto err;
memcpy(v->section, section, i);
v->name = NULL;
v->value = (char *)sk;
vv = lh_CONF_VALUE_insert(conf->data, v);
if (vv != NULL || lh_CONF_VALUE_error(conf->data) > 0)
goto err;
return v;
err:
sk_CONF_VALUE_free(sk);
if (v != NULL)
OPENSSL_free(v->section);
OPENSSL_free(v);
return NULL;
}