From 73df5c80538970ee1fbc4fe3348109bdc281e197 Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Thu, 18 Aug 2022 08:59:09 +0000 Subject: [PATCH] Fix memory leaks in DH code When used with OpenSSL v3.0.0+, the `openssldh_compare()`, `openssldh_paramcompare()`, and `openssldh_todns()` functions fail to cleanup the used memory on some error paths. Use `DST_RET` instead of `return`, when there is memory to be released before returning from the functions. (cherry picked from commit 73d6bbff4e1df583810126fe58eac39bb52bc0d9) --- lib/dns/openssldh_link.c | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c index 30de343..2af1d30 100644 --- a/lib/dns/openssldh_link.c +++ b/lib/dns/openssldh_link.c @@ -68,6 +68,7 @@ "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \ "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF" +#define DST_RET(a) {ret = a; goto err;} static isc_result_t openssldh_todns(const dst_key_t *key, isc_buffer_t *data); @@ -186,7 +187,8 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv, static bool openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) { - DH *dh1, *dh2; + bool ret = true; + DH *dh1, *dh2; const BIGNUM *pub_key1 = NULL, *pub_key2 = NULL; const BIGNUM *priv_key1 = NULL, *priv_key2 = NULL; const BIGNUM *p1 = NULL, *g1 = NULL, *p2 = NULL, *g2 = NULL; @@ -206,20 +208,21 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) { if (BN_cmp(p1, p2) != 0 || BN_cmp(g1, g2) != 0 || BN_cmp(pub_key1, pub_key2) != 0) - return (false); + DST_RET(false); if (priv_key1 != NULL || priv_key2 != NULL) { - if (priv_key1 == NULL || priv_key2 == NULL) - return (false); - if (BN_cmp(priv_key1, priv_key2) != 0) - return (false); + if (priv_key1 == NULL || priv_key2 == NULL || + BN_cmp(priv_key1, priv_key2) != 0) + DST_RET(false); } - return (true); +err: + return (ret); } static bool openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) { - DH *dh1, *dh2; + bool ret = true; + DH *dh1, *dh2; const BIGNUM *p1 = NULL, *g1 = NULL, *p2 = NULL, *g2 = NULL; dh1 = key1->keydata.dh; @@ -234,8 +237,10 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) { DH_get0_pqg(dh2, &p2, NULL, &g2); if (BN_cmp(p1, p2) != 0 || BN_cmp(g1, g2) != 0) - return (false); - return (true); + DST_RET(false); + +err: + return (ret); } #if OPENSSL_VERSION_NUMBER > 0x00908000L @@ -393,7 +398,8 @@ uint16_fromregion(isc_region_t *region) { static isc_result_t openssldh_todns(const dst_key_t *key, isc_buffer_t *data) { - DH *dh; + isc_result_t ret = ISC_R_SUCCESS; + DH *dh; const BIGNUM *pub_key = NULL, *p = NULL, *g = NULL; isc_region_t r; uint16_t dnslen, plen, glen, publen; @@ -420,7 +426,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) { publen = BN_num_bytes(pub_key); dnslen = plen + glen + publen + 6; if (r.length < (unsigned int) dnslen) - return (ISC_R_NOSPACE); + DST_RET(ISC_R_NOSPACE); uint16_toregion(plen, &r); if (plen == 1) { @@ -445,7 +451,8 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) { isc_buffer_add(data, dnslen); - return (ISC_R_SUCCESS); +err: + return (ret); } static isc_result_t @@ -659,7 +666,6 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { DH *dh = NULL; BIGNUM *pub_key = NULL, *priv_key = NULL, *p = NULL, *g = NULL; isc_mem_t *mctx; -#define DST_RET(a) {ret = a; goto err;} UNUSED(pub); mctx = key->mctx; -- 2.23.0