fix a memory leak reported by Qualys Security.

move the bndec variable in tighter since it's not used elsewhere in the
loop, then always free it after use.
ok bcook miod

diff --git a/lib/libcrypto/objects/obj_dat.c b/lib/libcrypto/objects/obj_dat.c
index 82ebb9b..dab860d 100644 (file)
--- a/lib/libcrypto/objects/obj_dat.c
+++ b/lib/libcrypto/objects/obj_dat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: obj_dat.c,v 1.32 2015/10/14 21:02:08 beck Exp $ */
+/* $OpenBSD: obj_dat.c,v 1.33 2015/10/14 21:12:10 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -491,7 +491,6 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 {
        int i, ret = 0, len, nid, first = 1, use_bn;
        BIGNUM *bl = NULL;
-       char *bndec = NULL;
        unsigned long l;
        const unsigned char *p;
 
@@ -567,10 +566,13 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
                }
 
                if (use_bn) {
+                       char *bndec;
+
                        bndec = BN_bn2dec(bl);
                        if (!bndec)
                                goto err;
                        i = snprintf(buf, buf_len, ".%s", bndec);
+                       free(bndec);
                        if (i == -1)
                                goto err;
                        if (i >= buf_len) {
@@ -598,7 +600,6 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
        }
 
 out:
-       free(bndec);
        BN_free(bl);
        return ret;
 

diff --git a/lib/libssl/src/crypto/objects/obj_dat.c b/lib/libssl/src/crypto/objects/obj_dat.c
index 82ebb9b..dab860d 100644 (file)
--- a/lib/libssl/src/crypto/objects/obj_dat.c
+++ b/lib/libssl/src/crypto/objects/obj_dat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: obj_dat.c,v 1.32 2015/10/14 21:02:08 beck Exp $ */
+/* $OpenBSD: obj_dat.c,v 1.33 2015/10/14 21:12:10 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -491,7 +491,6 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 {
        int i, ret = 0, len, nid, first = 1, use_bn;
        BIGNUM *bl = NULL;
-       char *bndec = NULL;
        unsigned long l;
        const unsigned char *p;
 
@@ -567,10 +566,13 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
                }
 
                if (use_bn) {
+                       char *bndec;
+
                        bndec = BN_bn2dec(bl);
                        if (!bndec)
                                goto err;
                        i = snprintf(buf, buf_len, ".%s", bndec);
+                       free(bndec);
                        if (i == -1)
                                goto err;
                        if (i >= buf_len) {
@@ -598,7 +600,6 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
        }
 
 out:
-       free(bndec);
        BN_free(bl);
        return ret;