From 317a2ecda8e48187f8c280d76a94f146cdce0256 Mon Sep 17 00:00:00 2001
From: tb
Date: Tue, 9 Apr 2024 13:56:00 +0000
Subject: [PATCH] Plug leaks in ASN1_TIME_set_string_internal()

This API can be called with s == NULL, in which case the tm_to_*() functions helpfully allocate a new s and then leak. This is a rather ugly fix to make portable ASAN regress happy again, the better fix will be to rewrite the tm_to_*() functions and adjust their callers. That is more intrusive and will be done in a later pass.

ok bcook jsing
---
 lib/libcrypto/asn1/a_time_tm.c | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/lib/libcrypto/asn1/a_time_tm.c b/lib/libcrypto/asn1/a_time_tm.c
index c8eabec08f1..16b9df25844 100644
--- a/lib/libcrypto/asn1/a_time_tm.c
+++ b/lib/libcrypto/asn1/a_time_tm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_time_tm.c,v 1.34 2024/04/08 19:57:40 beck Exp $ */
+/* $OpenBSD: a_time_tm.c,v 1.35 2024/04/09 13:56:00 tb Exp $ */
 /*
 * Copyright (c) 2015 Bob Beck
 *
@@ -344,21 +344,32 @@ ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode)
 static int
 ASN1_TIME_set_string_internal(ASN1_TIME *s, const char *str, int mode)
 {
+ ASN1_TIME *atime = s;
 struct tm tm;
 int type;
+ int ret = 0;

 if ((type = ASN1_time_parse(str, strlen(str), &tm, mode)) == -1)
 return (0);
- switch(mode) {
+ switch (mode) {
 case V_ASN1_UTCTIME:
- return (type == mode && tm_to_utctime(&tm, s) != NULL);
+ ret = (type == mode && (atime = tm_to_utctime(&tm, s)) != NULL);
+ break;
 case V_ASN1_GENERALIZEDTIME:
- return (type == mode && tm_to_gentime(&tm, s) != NULL);
+ ret = (type == mode && (atime = tm_to_gentime(&tm, s)) != NULL);
+ break;
 case RFC5280:
- return (tm_to_rfc5280_time(&tm, s) != NULL);
+ ret = ((atime = tm_to_rfc5280_time(&tm, s)) != NULL);
+ break;
 default:
- return (0);
+ ret = 0;
+ break;
 }
+
+ if (atime != s)
+ ASN1_TIME_free(atime);
+
+ return ret;
 }

 static ASN1_TIME *
-- 
2.20.1
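Review bot: The cleanup `if (atime != s) ASN1_TIME_free(atime);` at the end of ASN1_TIME_set_string_internal() depends on an ownership contract that the hunk does not state. It appears to assume that tm_to_utctime(), tm_to_gentime() and tm_to_rfc5280_time() return `s` itself when `s` is non-NULL and a fresh allocation only when `s` is NULL; their bodies are outside the hunk, so this should be confirmed. When `s` is non-NULL and the conversion fails, `atime` becomes NULL, the test is true, and the code relies on ASN1_TIME_free(NULL) being a no-op. I would add a comment above the check such as `/* s == NULL means "validate only": tm_to_*() then allocated a temporary that we own and must free. */`. Consider also writing the test as `if (s == NULL)`, which states the intent directly and cannot free an object the caller still holds if a tm_to_*() helper ever returns something other than `s`.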