1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
From 73df5c80538970ee1fbc4fe3348109bdc281e197 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan <aram@isc.org>
Date: Thu, 18 Aug 2022 08:59:09 +0000
Subject: [PATCH] Fix memory leaks in DH code
When used with OpenSSL v3.0.0+, the `openssldh_compare()`,
`openssldh_paramcompare()`, and `openssldh_todns()` functions
fail to cleanup the used memory on some error paths.
Use `DST_RET` instead of `return`, when there is memory to be
released before returning from the functions.
Conflict: NA
Reference: https://gitlab.isc.org/isc-projects/bind9/-/commit/73df5c80538970ee1fbc4fe3348109bdc281e197
(cherry picked from commit 73d6bbff4e1df583810126fe58eac39bb52bc0d9)
---
lib/dns/openssldh_link.c | 45 +++++++++++++++++++++++-----------------
1 file changed, 26 insertions(+), 19 deletions(-)
diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c
index 72b8209..ece97ea 100644
--- a/lib/dns/openssldh_link.c
+++ b/lib/dns/openssldh_link.c
@@ -68,6 +68,12 @@
"83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
"670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF"
+#define DST_RET(a) \
+ { \
+ ret = a; \
+ goto err; \
+ }
+
static BIGNUM *bn2 = NULL, *bn768 = NULL, *bn1024 = NULL, *bn1536 = NULL;
#if !HAVE_DH_GET0_KEY
@@ -180,7 +186,8 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
static bool
openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
- DH *dh1, *dh2;
+ bool ret = true;
+ DH *dh1, *dh2;
const BIGNUM *pub_key1 = NULL, *pub_key2 = NULL;
const BIGNUM *priv_key1 = NULL, *priv_key2 = NULL;
const BIGNUM *p1 = NULL, *g1 = NULL, *p2 = NULL, *g2 = NULL;
@@ -202,23 +209,24 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
if (BN_cmp(p1, p2) != 0 || BN_cmp(g1, g2) != 0 ||
BN_cmp(pub_key1, pub_key2) != 0)
{
- return (false);
+ DST_RET(false);
}
if (priv_key1 != NULL || priv_key2 != NULL) {
- if (priv_key1 == NULL || priv_key2 == NULL) {
- return (false);
- }
- if (BN_cmp(priv_key1, priv_key2) != 0) {
- return (false);
+ if (priv_key1 == NULL || priv_key2 == NULL ||
+ BN_cmp(priv_key1, priv_key2) != 0) {
+ DST_RET(false);
}
}
- return (true);
+
+err:
+ return (ret);
}
static bool
openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
- DH *dh1, *dh2;
+ bool ret = true;
+ DH *dh1, *dh2;
const BIGNUM *p1 = NULL, *g1 = NULL, *p2 = NULL, *g2 = NULL;
dh1 = key1->keydata.dh;
@@ -234,9 +242,11 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
DH_get0_pqg(dh2, &p2, NULL, &g2);
if (BN_cmp(p1, p2) != 0 || BN_cmp(g1, g2) != 0) {
- return (false);
+ DST_RET(false);
}
- return (true);
+
+err:
+ return (ret);
}
static int
@@ -386,7 +396,8 @@ uint16_fromregion(isc_region_t *region) {
static isc_result_t
openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
- DH *dh;
+ isc_result_t ret = ISC_R_SUCCESS;
+ DH *dh;
const BIGNUM *pub_key = NULL, *p = NULL, *g = NULL;
isc_region_t r;
uint16_t dnslen, plen, glen, publen;
@@ -412,7 +423,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
publen = BN_num_bytes(pub_key);
dnslen = plen + glen + publen + 6;
if (r.length < (unsigned int)dnslen) {
- return (ISC_R_NOSPACE);
+ DST_RET(ISC_R_NOSPACE);
}
uint16_toregion(plen, &r);
@@ -441,7 +452,8 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_buffer_add(data, dnslen);
- return (ISC_R_SUCCESS);
+err:
+ return (ret);
}
static isc_result_t
@@ -659,11 +671,6 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
DH *dh = NULL;
BIGNUM *pub_key = NULL, *priv_key = NULL, *p = NULL, *g = NULL;
isc_mem_t *mctx;
-#define DST_RET(a) \
- { \
- ret = a; \
- goto err; \
- }
UNUSED(pub);
mctx = key->mctx;
--
2.23.0
|
