diff --git a/CHANGES b/CHANGES index 10bf4b476f..9bf6f54a32 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +5988. [bug] Some out of memory conditions in opensslrsa_link.c + could lead to memory leaks. [GL #3551] + 5987. [func] Provide custom isc_mem based allocators for libuv, OpenSSL and libxml2 libraries that support replacing the internal allocators. [GL #3559] diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c index 4d8c29ea89..bc89ca9a08 100644 --- a/lib/dns/opensslrsa_link.c +++ b/lib/dns/opensslrsa_link.c @@ -202,6 +202,7 @@ opensslrsa_verify2(dst_context_t *dctx, int maxbits, const isc_region_t *sig) { } RSA_get0_key(rsa, NULL, &e, NULL); if (e == NULL) { + RSA_free(rsa); return (dst__openssl_toresult(DST_R_VERIFYFAILURE)); } bits = BN_num_bits(e); @@ -590,10 +591,10 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) { #else EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &e); EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &n); +#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ if (e == NULL || n == NULL) { DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); } -#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ mod_bytes = BN_num_bytes(n); e_bytes = BN_num_bytes(e); @@ -691,6 +692,9 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) { e = BN_bin2bn(r.base, e_bytes, NULL); isc_region_consume(&r, e_bytes); n = BN_bin2bn(r.base, r.length, NULL); + if (e == NULL || n == NULL) { + DST_RET(ISC_R_NOMEMORY); + } key->key_size = BN_num_bits(n); @@ -992,13 +996,25 @@ rsa_check(RSA *rsa, RSA *pub) { } } else { n = BN_dup(n2); + if (n == NULL) { + return (ISC_R_NOMEMORY); + } } if (e1 != NULL) { if (BN_cmp(e1, e2) != 0) { + if (n != NULL) { + BN_free(n); + } return (DST_R_INVALIDPRIVATEKEY); } } else { e = BN_dup(e2); + if (e == NULL) { + if (n != NULL) { + BN_free(n); + } + return (ISC_R_NOMEMORY); + } } if (RSA_set0_key(rsa, n, e, NULL) == 0) { if (n != NULL) {