author | Masahiro Yamada <yamada.masahiro@socionext.com> | 2017-02-06 21:15:01 +0900 |
---|---|---|
committer | Masahiro Yamada <yamada.masahiro@socionext.com> | 2017-02-11 12:59:16 +0900 |
commit | 762f1ebe8d1b26e78cd4923f832a611c8a5f0a89 (patch) | |
tree | 06997d3046017bdf623e8dddea71fcaa408b0cd9 /tools | |
parent | bab16f9912c6a2ea7600e8d713c1eebf8f0c11d7 (diff) |
cert_create: fix memory leak bug caused by key container overwrite
In the current code, both key_load() and key_create() call key_new()
to allocate a key container (and they do not free it even if they
fail). If a specific key is not given by the command option,
key_load() fails, then key_create() is called. At this point, the
key container that has been allocated in key_load() is still alive,
and it is overwritten by a new key container created by key_create().
Move the key_new() call to the main() function to make sure it is
called just once for each descriptor.
While we are here, let's fix one more bug; the error handling code
ERROR("Malloc error while loading '%s'\n", keys[i].fn);
is wrong because keys[i].fn is a NULL pointer unless a specific key is
given by the command option. This code could be run in either case.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Diffstat (limited to 'tools')
-rw-r--r-- | tools/cert_create/include/key.h | 1 | ||||
-rw-r--r-- | tools/cert_create/src/key.c | 13 | ||||
-rw-r--r-- | tools/cert_create/src/main.c | 11 |
3 files changed, 8 insertions, 17 deletions
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index f60997f0..433f72ce 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -73,6 +73,7 @@ typedef struct key_s {
 /* Exported API */
 int key_init(void);
 key_t *key_get_by_opt(const char *opt);
+int key_new(key_t *key);
 int key_create(key_t *key, int type);
 int key_load(key_t *key, unsigned int *err_code);
 int key_store(key_t *key);
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index a7ee7596..47c152c7 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -49,7 +49,7 @@
 /*
 * Create a new key container
 */
-static int key_new(key_t *key)
+int key_new(key_t *key)
 {
 /* Create key pair container */
 key->key = EVP_PKEY_new();
@@ -123,11 +123,6 @@ int key_create(key_t *key, int type)
 return 0;
 }
- /* Create OpenSSL key container */
- if (!key_new(key)) {
- return 0;
- }
-
 if (key_create_fn[type]) {
 return key_create_fn[type](key);
 }
@@ -140,12 +135,6 @@ int key_load(key_t *key, unsigned int *err_code)
 FILE *fp = NULL;
 EVP_PKEY *k = NULL;
- /* Create OpenSSL key container */
- if (!key_new(key)) {
- *err_code = KEY_ERR_MALLOC;
- return 0;
- }
-
 if (key->fn) {
 /* Load key from file */
 fp = fopen(key->fn, "r");
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index c58f41de..dac9e57c 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -367,6 +367,11 @@ int main(int argc, char *argv[])
 /* Load private keys from files (or generate new ones) */
 for (i = 0 ; i < num_keys ; i++) {
+ if (!key_new(&keys[i])) {
+ ERROR("Failed to allocate key container\n");
+ exit(1);
+ }
+
 /* First try to load the key from disk */
 if (key_load(&keys[i], &err_code)) {
 /* Key loaded successfully */
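Review bot: The new `int key_new(key_t *key);` prototype in key.h's "Exported API" list is added without stating its contract, although the key.c hunks in this commit make key_load() and key_create() depend on the caller having run it first. I would add a comment above it such as `/* Allocate the OpenSSL container for 'key'; call once per descriptor before key_load()/key_create(); returns 0 on failure */`. The body visible in the key.c hunk assigns `key->key = EVP_PKEY_new();` unconditionally, so a second call on the same descriptor would presumably overwrite the first container again, which is the leak this commit removes. That precondition is worth spelling out for future callers.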
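Review bot: In the main.c hunk at `-367,6 +367,11`, the added `ERROR("Failed to allocate key container\n");` does not say which key failed, while the other messages in this loop name the key through `keys[i].fn`. Since `fn` can be NULL at this point (as the commit message notes), the loop index is the safe thing to print, for example `ERROR("Failed to allocate container for key %d\n", i);` with the conversion matched to the declared type of `i`, which is not visible in the hunk. main() starts and ends outside the hunk.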
@@ -374,11 +379,7 @@ int main(int argc, char *argv[])
 }
 /* Key not loaded. Check the error code */
- if (err_code == KEY_ERR_MALLOC) {
- /* Cannot allocate memory. Abort. */
- ERROR("Malloc error while loading '%s'\n", keys[i].fn);
- exit(1);
- } else if (err_code == KEY_ERR_LOAD) {
+ if (err_code == KEY_ERR_LOAD) {
 /* File exists, but it does not contain a valid private
 * key. Abort. */
 ERROR("Error loading '%s'\n", keys[i].fn); |
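Review bot: With the `KEY_ERR_MALLOC` branch removed here and the `*err_code = KEY_ERR_MALLOC;` assignment removed from key_load() in key.c, nothing visible in this commit produces or consumes `KEY_ERR_MALLOC` any more. The diffstat shows key.h changing by only one line, the added prototype, so the constant presumably stays defined. I would either drop it from key.h or mark it as unused, so that a later reader does not assume key_load() can still report an allocation failure. The rest of the error-code chain continues outside the hunk, so other users of the constant cannot be ruled out from here.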