From 5cc80106ccf9c64c83c3e231c5fab2cd4170d294 Mon Sep 17 00:00:00 2001 From: tb Date: Wed, 24 Nov 2021 04:32:52 +0000 Subject: [PATCH] libkeynote: stop reaching into EVP_PKEY internals. Use EVP_PKEY_get0_RSA() instead of pPublicKey->pkey.rsa. Fix a couple of leaks in the vicinity: we need a reference on the RSA, which is what keynote_free_key() frees, not on the EVP_PKEY. Also, don't leak the entire certificate on success. ok beck --- lib/libkeynote/signature.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/libkeynote/signature.c b/lib/libkeynote/signature.c index c0dadc2aea4..dd96bdb47f2 100644 --- a/lib/libkeynote/signature.c +++ b/lib/libkeynote/signature.c @@ -1,4 +1,4 @@ -/* $OpenBSD: signature.c,v 1.26 2017/05/09 13:52:45 mestre Exp $ */ +/* $OpenBSD: signature.c,v 1.27 2021/11/24 04:32:52 tb Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu) * @@ -522,7 +522,7 @@ kn_decode_key(struct keynote_deckey *dc, char *key, int keytype) return -1; } - if ((pPublicKey = X509_get_pubkey(px509Cert)) == NULL) { + if ((pPublicKey = X509_get0_pubkey(px509Cert)) == NULL) { free(ptr); X509_free(px509Cert); keynote_errno = ERROR_SYNTAX; @@ -530,9 +530,11 @@ kn_decode_key(struct keynote_deckey *dc, char *key, int keytype) } /* RSA-specific */ - dc->dec_key = pPublicKey->pkey.rsa; + dc->dec_key = EVP_PKEY_get0_RSA(pPublicKey); + RSA_up_ref(dc->dec_key); free(ptr); + X509_free(px509Cert); return 0; } -- 2.20.1