From: Sven-Haegar Koch Date: Sat, 14 Apr 2012 00:28:43 +0000 (+0200) Subject: ecdh & ecdsa: avoid some possible memory leaks in error conditions. X-Git-Tag: release-1.1pre3~131 X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=f8e15dfe8d155b5bdb1e39bf6b9af486606145e8;p=tinc ecdh & ecdsa: avoid some possible memory leaks in error conditions. --- diff --git a/src/openssl/ecdh.c b/src/openssl/ecdh.c index dd8f53f5..871f9fbd 100644 --- a/src/openssl/ecdh.c +++ b/src/openssl/ecdh.c @@ -30,19 +30,30 @@ bool ecdh_generate_public(ecdh_t *ecdh, void *pubkey) { *ecdh = EC_KEY_new_by_curve_name(NID_secp521r1); + if(!*ecdh) { + logger(DEBUG_ALWAYS, LOG_ERR, "Generating EC key_by_curve_name failed: %s", ERR_error_string(ERR_get_error(), NULL)); + return false; + } + if(!EC_KEY_generate_key(*ecdh)) { + EC_KEY_free(*ecdh); + *ecdh = NULL; logger(DEBUG_ALWAYS, LOG_ERR, "Generating EC key failed: %s", ERR_error_string(ERR_get_error(), NULL)); return false; } const EC_POINT *point = EC_KEY_get0_public_key(*ecdh); if(!point) { + EC_KEY_free(*ecdh); + *ecdh = NULL; logger(DEBUG_ALWAYS, LOG_ERR, "Getting public key failed: %s", ERR_error_string(ERR_get_error(), NULL)); return false; } size_t result = EC_POINT_point2oct(EC_KEY_get0_group(*ecdh), point, POINT_CONVERSION_COMPRESSED, pubkey, ECDH_SIZE, NULL); if(!result) { + EC_KEY_free(*ecdh); + *ecdh = NULL; logger(DEBUG_ALWAYS, LOG_ERR, "Converting EC_POINT to binary failed: %s", ERR_error_string(ERR_get_error(), NULL)); return false; } @@ -59,6 +70,7 @@ bool ecdh_compute_shared(ecdh_t *ecdh, const void *pubkey, void *shared) { int result = EC_POINT_oct2point(EC_KEY_get0_group(*ecdh), point, pubkey, ECDH_SIZE, NULL); if(!result) { + EC_POINT_free(point); logger(DEBUG_ALWAYS, LOG_ERR, "Converting binary to EC_POINT failed: %s", ERR_error_string(ERR_get_error(), NULL)); return false; } diff --git a/src/openssl/ecdsa.c b/src/openssl/ecdsa.c index a2c7deb4..8b025015 100644 --- a/src/openssl/ecdsa.c +++ b/src/openssl/ecdsa.c @@ -30,7 +30,11 @@ // bool ecdsa_set_base64_public_key(ecdsa_t *ecdsa, const char *p) { *ecdsa = EC_KEY_new_by_curve_name(NID_secp521r1); - + if(!*ecdsa) { + logger(DEBUG_ALWAYS, LOG_DEBUG, "EC_KEY_new_by_curve_name failed: %s", ERR_error_string(ERR_get_error(), NULL)); + return false; + } + int len = strlen(p); unsigned char pubkey[len / 4 * 3 + 3]; const unsigned char *ppubkey = pubkey;