Merge branch '3551-missing-rsa_free-call-in-opensslrsa_verify2' into 'main'
Resolve "Missing RSA_free call in opensslrsa_verify2" Closes #3551 See merge request isc-projects/bind9!6810
commit
edc804b9b8
2 changed files with 20 additions and 1 deletions
3
CHANGES
3
CHANGES
|
|
@ -1,3 +1,6 @@
|
|||
5988. [bug] Some out of memory conditions in opensslrsa_link.c
|
||||
could lead to memory leaks. [GL #3551]
|
||||
|
||||
5987. [func] Provide custom isc_mem based allocators for libuv,
|
||||
OpenSSL and libxml2 libraries that support replacing
|
||||
the internal allocators. [GL #3559]
|
||||
|
|
|
|||
|
|
@ -202,6 +202,7 @@ opensslrsa_verify2(dst_context_t *dctx, int maxbits, const isc_region_t *sig) {
|
|||
}
|
||||
RSA_get0_key(rsa, NULL, &e, NULL);
|
||||
if (e == NULL) {
|
||||
RSA_free(rsa);
|
||||
return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
|
||||
}
|
||||
bits = BN_num_bits(e);
|
||||
|
|
@ -590,10 +591,10 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
|
|||
#else
|
||||
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &e);
|
||||
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &n);
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
|
||||
if (e == NULL || n == NULL) {
|
||||
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
|
||||
}
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
|
||||
|
||||
mod_bytes = BN_num_bytes(n);
|
||||
e_bytes = BN_num_bytes(e);
|
||||
|
|
@ -691,6 +692,9 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
|
|||
e = BN_bin2bn(r.base, e_bytes, NULL);
|
||||
isc_region_consume(&r, e_bytes);
|
||||
n = BN_bin2bn(r.base, r.length, NULL);
|
||||
if (e == NULL || n == NULL) {
|
||||
DST_RET(ISC_R_NOMEMORY);
|
||||
}
|
||||
|
||||
key->key_size = BN_num_bits(n);
|
||||
|
||||
|
|
@ -992,13 +996,25 @@ rsa_check(RSA *rsa, RSA *pub) {
|
|||
}
|
||||
} else {
|
||||
n = BN_dup(n2);
|
||||
if (n == NULL) {
|
||||
return (ISC_R_NOMEMORY);
|
||||
}
|
||||
}
|
||||
if (e1 != NULL) {
|
||||
if (BN_cmp(e1, e2) != 0) {
|
||||
if (n != NULL) {
|
||||
BN_free(n);
|
||||
}
|
||||
return (DST_R_INVALIDPRIVATEKEY);
|
||||
}
|
||||
} else {
|
||||
e = BN_dup(e2);
|
||||
if (e == NULL) {
|
||||
if (n != NULL) {
|
||||
BN_free(n);
|
||||
}
|
||||
return (ISC_R_NOMEMORY);
|
||||
}
|
||||
}
|
||||
if (RSA_set0_key(rsa, n, e, NULL) == 0) {
|
||||
if (n != NULL) {
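Review bot: In the opensslrsa_fromdns hunk the new `if (e == NULL || n == NULL)` check returns a bare `ISC_R_NOMEMORY`, whereas the failure paths touched in opensslrsa_verify2 and opensslrsa_todns pass their result through `dst__openssl_toresult()`. If that helper is also what inspects and clears the OpenSSL error queue (its body is not visible here), a failed `BN_bin2bn()` on this path would leave a stale error queued for a later caller; `DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));` would keep the three paths consistent. The label that `DST_RET` jumps to is outside the hunk, so please confirm that the cleanup there frees whichever of `e` and `n` was allocated when only one of the two calls failed; otherwise this path still leaks. opensslrsa_fromdns begins and ends outside the hunk, and `r` comes from DNS key data, so a short comment such as `/* BN_bin2bn() returns NULL only on allocation failure */` above the check would also document why every NULL is reported as out of memory.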
|
||||
|
|
|
|||