From: tb Date: Thu, 9 May 2024 07:12:03 +0000 (+0000) Subject: Plug a "leak" in ssl_security_group() X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=bd6ff8689347f6820de92d9886bceca167a9d278;p=openbsd Plug a "leak" in ssl_security_group() The way the CBB API is used, CBB_add_u16() and CBB_finish() can't actually fail here, but if they could, cbb->base would leak. Rewrite this code with the proper idioms to make it look right. ok jsing --- diff --git a/lib/libssl/ssl_seclevel.c b/lib/libssl/ssl_seclevel.c index 1869c8108d9..6a5d16bfaa2 100644 --- a/lib/libssl/ssl_seclevel.c +++ b/lib/libssl/ssl_seclevel.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_seclevel.c,v 1.27 2022/11/26 16:08:56 tb Exp $ */ +/* $OpenBSD: ssl_seclevel.c,v 1.28 2024/05/09 07:12:03 tb Exp $ */ /* * Copyright (c) 2020-2022 Theo Buehler * @@ -445,19 +445,26 @@ ssl_security_group(const SSL *ssl, uint16_t group_id, int secop) int bits, nid; uint8_t group[2]; + memset(&cbb, 0, sizeof(cbb)); + if (!tls1_ec_group_id2bits(group_id, &bits)) - return 0; + goto err; if (!tls1_ec_group_id2nid(group_id, &nid)) - return 0; + goto err; if (!CBB_init_fixed(&cbb, group, sizeof(group))) - return 0; + goto err; if (!CBB_add_u16(&cbb, group_id)) - return 0; + goto err; if (!CBB_finish(&cbb, NULL, NULL)) - return 0; + goto err; return ssl_security(ssl, secop, bits, nid, group); + + err: + CBB_cleanup(&cbb); + + return 0; } int
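Review bot: In the ssl_security_group() hunk, the tls1_ec_group_id2bits() and tls1_ec_group_id2nid() failure paths now reach err before CBB_init_fixed() has run, so CBB_cleanup(&cbb) on those paths is only safe because of the new memset(&cbb, 0, sizeof(cbb)) at the top of the function. That dependency is implicit: a short comment on the memset saying it exists so that err can be taken before initialization would keep a later reorder from moving a goto err ahead of it. The success path still returns ssl_security(...) without calling CBB_cleanup(), so it assumes a successful CBB_finish(&cbb, NULL, NULL) leaves nothing to release. That matches the commit message, which only describes a leak on the failure paths, but it is worth stating in the message or a comment so the asymmetry between the two exits does not look like an oversight.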