openssl/crypto/x509
Bernd Edlinger b7e28c0bb1 Fix a memory leak in X509_issuer_and_serial_hash
This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
ERROR_INJECT=1653267699
    #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
    #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
    #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
    #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
    #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
    #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
    #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
    #7 0x55c12d267c7f in main fuzz/test-corpus.c:226
    #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
    #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)

=================================================================
==1058475==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 268 byte(s) in 1 object(s) allocated from:
    #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
    #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
    #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
    #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
    #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
    #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
    #6 0x55c12d267c7f in main fuzz/test-corpus.c:226
    #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18371)
2022-05-24 11:52:46 +02:00
build.info
by_dir.c Update copyright year 2022-05-03 13:34:51 +01:00
by_file.c
by_store.c
ext_dat.h
pcy_cache.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
pcy_data.c
pcy_lib.c
pcy_local.h
pcy_map.c
pcy_node.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
pcy_tree.c
standard_exts.h
t_crl.c
t_req.c
t_x509.c Update copyright year 2022-05-03 13:34:51 +01:00
v3_addr.c
v3_admis.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
v3_admis.h
v3_akeya.c
v3_akid.c Update copyright year 2022-05-03 13:34:51 +01:00
v3_asid.c
v3_bcons.c
v3_bitst.c
v3_conf.c Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
v3_cpols.c Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
v3_crld.c Update copyright year 2022-05-03 13:34:51 +01:00
v3_enum.c
v3_extku.c
v3_genn.c
v3_ia5.c
v3_info.c
v3_int.c
v3_ist.c Update copyright year 2022-05-03 13:34:51 +01:00
v3_lib.c
v3_ncons.c Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
v3_pci.c Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix 2021-11-17 15:48:34 +01:00
v3_pcia.c fix some code with obvious wrong coding style 2021-10-28 13:10:46 +10:00
v3_pcons.c
v3_pku.c
v3_pmaps.c
v3_prn.c
v3_purp.c
v3_san.c X509V3_set_ctx(): Clarify subject/req parameter for constructing SAN email addresses from subject DN 2021-12-07 15:14:49 +01:00
v3_skid.c X509V3_set_ctx(): Clarify use of subject/req parameter for constructing SKID by hash of pubkey 2021-12-07 15:13:26 +01:00
v3_sxnet.c Update copyright year 2022-05-03 13:34:51 +01:00
v3_tlsf.c Update copyright year 2022-05-03 13:34:51 +01:00
v3_utf8.c Update copyright year 2022-05-03 13:34:51 +01:00
v3_utl.c Update copyright year 2022-05-03 13:34:51 +01:00
v3err.c Update copyright year 2022-05-03 13:34:51 +01:00
x509_att.c
x509_cmp.c Fix a memory leak in X509_issuer_and_serial_hash 2022-05-24 11:52:46 +02:00
x509_d2.c
x509_def.c
x509_err.c
x509_ext.c
x509_local.h
x509_lu.c X509{,_LOOKUP}: Improve distinction between not found and fatal/internal error 2022-05-04 16:25:44 +02:00
x509_meth.c
x509_obj.c
x509_r2x.c
x509_req.c
x509_set.c
x509_trust.c X509{,_LOOKUP}: Improve distinction between not found and fatal/internal error 2022-05-04 16:25:44 +02:00
x509_txt.c
x509_v3.c
x509_vfy.c X509{,_LOOKUP}: Improve distinction between not found and fatal/internal error 2022-05-04 16:25:44 +02:00
x509_vpm.c
x509cset.c
x509name.c
x509rset.c
x509spki.c
x509type.c
x_all.c
x_attrib.c
x_crl.c Fix a crash in asn1_item_embed_new 2022-05-23 06:20:48 +02:00
x_exten.c
x_name.c Fix: invoking x509_name_cannon improperly 2021-11-09 10:05:09 +10:00
x_pubkey.c Update copyright year 2022-05-03 13:34:51 +01:00
x_req.c
x_x509.c
x_x509a.c