curl-library

Re: [PATCH] lib/ssluse.c: verifyhost(): peer_CN leak

From: Andre Guibert de Bruet <andy_at_siliconlandmark.com>
Date: Tue, 22 May 2007 16:32:14 -0400

On May 22, 2007, at 3:50 PM, Daniel Stenberg wrote:
> On Tue, 22 May 2007, Andre Guibert de Bruet wrote:
>
>> While auditing memory usage in a piece of software that makes
>> extensive use of cURL's HTTPS functionality, I came across a
>> condition in which cURL leaks the peer_CN heap variable in
>> lib/ssluse.c if the call to Curl_convert_from_utf8() is unsuccessful.
>> The following is a diff against 7.16.2:
>
> Thanks, applied!

Thanks for the quick turnaround! I am quite impressed! :)

This next issue is much like the first. In the PKCS12 case, a
PKCS12_parse() error causes a leak of the p12 heap-allocated variable.
(The line offsets are 7.16.2 + my previous patch.)

--- ssluse.c.orig 2007-05-22 15:11:30.000000000 -0400
+++ ssluse.c 2007-05-22 16:26:28.000000000 -0400
@@ -377,6 +377,7 @@
          failf(data,
                "could not parse PKCS12 file, check password, OpenSSL
error %s",
                ERR_error_string(ERR_get_error(), NULL) );
+ PKCS12_free(p12);
          return 0;
        }
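
Review bot: the added PKCS12_free(p12) covers only the PKCS12_parse() failure return shown here, so it is worth checking that every other exit reached after p12 is allocated, including the success path, also frees it; a single cleanup exit for this block would keep the free from being missed again. As posted, the added line has lost its indentation and the failf() format string is split across two lines ("OpenSSL" / "error %s"), which looks like mail-client wrapping and will stop the hunk from applying cleanly; sending the diff as an attachment avoids that.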

Regards,

/* Andre Guibert de Bruet * 6f43 6564 7020 656f 2e74 4220 7469 6a20 */
/* Code poet / Sysadmin * 636f 656b 2e79 5320 7379 6461 696d 2e6e */
/* GSM: +1 734 846 8758 * 5520 494e 2058 6c73 7565 6874 002e 0000 */
/* WWW: siliconlandmark.com * C/C++, Java, Perl, PHP, SQL, XHTML, XML */
Received on 2007-05-22