[pkg-opensc-commit] [libp11] 72/86: Fixed a slot list memory leak in the engine code
Eric Dorland
eric at moszumanska.debian.org
Sun Jul 24 21:40:24 UTC 2016
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit 14cd0d328fff96b79fabcc30257e358399c8ad25
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date: Tue Mar 15 16:26:49 2016 +0100
Fixed a slot list memory leak in the engine code
---
src/eng_back.c | 62 +++++++++++++++++++++++++---------------------------------
1 file changed, 27 insertions(+), 35 deletions(-)
diff --git a/src/eng_back.c b/src/eng_back.c
index 533f928..656b3fa 100644
--- a/src/eng_back.c
+++ b/src/eng_back.c
@@ -36,6 +36,8 @@
struct st_engine_ctx {
PKCS11_CTX *pkcs11_ctx;
+ PKCS11_SLOT *slot_list;
+ unsigned int slot_count;
/*
* The PIN used for login. Cache for the get_pin function.
* The memory for this PIN is always owned internally,
@@ -123,6 +125,10 @@ ENGINE_CTX *pkcs11_new()
int pkcs11_finish(ENGINE_CTX *ctx)
{
if (ctx) {
+ if (ctx->slot_list) {
+ PKCS11_release_all_slots(ctx->pkcs11_ctx,
+ ctx->slot_list, ctx->slot_count);
+ }
if (ctx->pkcs11_ctx) {
PKCS11_CTX_unload(ctx->pkcs11_ctx);
PKCS11_CTX_free(ctx->pkcs11_ctx);
@@ -154,6 +160,15 @@ int pkcs11_init(ENGINE_CTX *ctx)
fprintf(stderr, "Unable to load module %s\n", mod);
return 0;
}
+ if (PKCS11_enumerate_slots(ctx->pkcs11_ctx,
+ &ctx->slot_list, &ctx->slot_count) < 0) {
+ fprintf(stderr, "Failed to enumerate slots\n");
+ return 0;
+ }
+ if (ctx->verbose) {
+ fprintf(stderr, "Found %u slot%s\n", ctx->slot_count,
+ (ctx->slot_count <= 1) ? "" : "s");
+ }
return 1;
}
@@ -166,12 +181,12 @@ int pkcs11_init(ENGINE_CTX *ctx)
static X509 *pkcs11_load_cert(ENGINE_CTX *ctx, const char *s_slot_cert_id)
{
- PKCS11_SLOT *slot_list, *slot;
+ PKCS11_SLOT *slot;
PKCS11_SLOT *found_slot = NULL;
PKCS11_TOKEN *tok, *match_tok = NULL;
PKCS11_CERT *certs, *selected_cert = NULL;
X509 *x509;
- unsigned int slot_count, cert_count, n, m;
+ unsigned int cert_count, n, m;
unsigned char cert_id[MAX_VALUE_LEN / 2];
size_t cert_id_len = sizeof(cert_id);
char *cert_label = NULL;
@@ -226,17 +241,8 @@ static X509 *pkcs11_load_cert(ENGINE_CTX *ctx, const char *s_slot_cert_id)
}
}
- if (PKCS11_enumerate_slots(ctx->pkcs11_ctx, &slot_list, &slot_count) < 0) {
- fprintf(stderr, "Failed to enumerate slots\n");
- return NULL;
- }
-
- if (ctx->verbose) {
- fprintf(stderr, "Found %u slot%s\n", slot_count,
- (slot_count <= 1) ? "" : "s");
- }
- for (n = 0; n < slot_count; n++) {
- slot = slot_list + n;
+ for (n = 0; n < ctx->slot_count; n++) {
+ slot = ctx->slot_list + n;
flags[0] = '\0';
if (slot->token) {
if (!slot->token->initialized)
@@ -295,20 +301,19 @@ static X509 *pkcs11_load_cert(ENGINE_CTX *ctx, const char *s_slot_cert_id)
fprintf(stderr, "Specified object not found\n");
return NULL;
} else if (slot_nr == -1) {
- if (!(slot = PKCS11_find_token(ctx->pkcs11_ctx, slot_list, slot_count))) {
+ if (!(slot = PKCS11_find_token(ctx->pkcs11_ctx,
+ ctx->slot_list, ctx->slot_count))) {
fprintf(stderr, "No tokens found\n");
return NULL;
}
} else {
fprintf(stderr, "Invalid slot number: %d\n", slot_nr);
- PKCS11_release_all_slots(ctx->pkcs11_ctx, slot_list, slot_count);
return NULL;
}
tok = slot->token;
if (tok == NULL) {
fprintf(stderr, "Empty token found\n");
- PKCS11_release_all_slots(ctx->pkcs11_ctx, slot_list, slot_count);
return NULL;
}
@@ -330,7 +335,6 @@ static X509 *pkcs11_load_cert(ENGINE_CTX *ctx, const char *s_slot_cert_id)
if (PKCS11_enumerate_certs(tok, &certs, &cert_count)) {
fprintf(stderr, "Unable to enumerate certificates\n");
- PKCS11_release_all_slots(ctx->pkcs11_ctx, slot_list, slot_count);
return NULL;
}
@@ -358,7 +362,6 @@ static X509 *pkcs11_load_cert(ENGINE_CTX *ctx, const char *s_slot_cert_id)
if (selected_cert == NULL) {
fprintf(stderr, "Certificate not found.\n");
- PKCS11_release_all_slots(ctx->pkcs11_ctx, slot_list, slot_count);
return NULL;
}
@@ -451,13 +454,13 @@ static int pkcs11_login(ENGINE_CTX *ctx, PKCS11_SLOT *slot, PKCS11_TOKEN *tok,
static EVP_PKEY *pkcs11_load_key(ENGINE_CTX *ctx, const char *s_slot_key_id,
UI_METHOD * ui_method, void *callback_data, int isPrivate)
{
- PKCS11_SLOT *slot_list, *slot;
+ PKCS11_SLOT *slot;
PKCS11_SLOT *found_slot = NULL;
PKCS11_TOKEN *tok, *match_tok = NULL;
PKCS11_KEY *keys, *selected_key = NULL;
PKCS11_CERT *certs;
EVP_PKEY *pk;
- unsigned int slot_count, cert_count, key_count, n, m;
+ unsigned int cert_count, key_count, n, m;
unsigned char key_id[MAX_VALUE_LEN / 2];
size_t key_id_len = sizeof(key_id);
char *key_label = NULL;
@@ -517,17 +520,8 @@ static EVP_PKEY *pkcs11_load_key(ENGINE_CTX *ctx, const char *s_slot_key_id,
}
}
- if (PKCS11_enumerate_slots(ctx->pkcs11_ctx, &slot_list, &slot_count) < 0) {
- fprintf(stderr, "Failed to enumerate slots\n");
- return NULL;
- }
-
- if (ctx->verbose) {
- fprintf(stderr, "Found %u slot%s\n", slot_count,
- (slot_count <= 1) ? "" : "s");
- }
- for (n = 0; n < slot_count; n++) {
- slot = slot_list + n;
+ for (n = 0; n < ctx->slot_count; n++) {
+ slot = ctx->slot_list + n;
flags[0] = '\0';
if (slot->token) {
if (!slot->token->initialized)
@@ -586,20 +580,19 @@ static EVP_PKEY *pkcs11_load_key(ENGINE_CTX *ctx, const char *s_slot_key_id,
fprintf(stderr, "Specified object not found\n");
return NULL;
} else if (slot_nr == -1) {
- if (!(slot = PKCS11_find_token(ctx->pkcs11_ctx, slot_list, slot_count))) {
+ if (!(slot = PKCS11_find_token(ctx->pkcs11_ctx,
+ ctx->slot_list, ctx->slot_count))) {
fprintf(stderr, "No tokens found\n");
return NULL;
}
} else {
fprintf(stderr, "Invalid slot number: %d\n", slot_nr);
- PKCS11_release_all_slots(ctx->pkcs11_ctx, slot_list, slot_count);
return NULL;
}
tok = slot->token;
if (tok == NULL) {
fprintf(stderr, "Found empty token\n");
- PKCS11_release_all_slots(ctx->pkcs11_ctx, slot_list, slot_count);
return NULL;
}
/* The following check is non-critical to ensure interoperability
@@ -608,7 +601,6 @@ static EVP_PKEY *pkcs11_load_key(ENGINE_CTX *ctx, const char *s_slot_key_id,
fprintf(stderr, "Found uninitialized token\n");
if (isPrivate && !tok->userPinSet && !tok->readOnly) {
fprintf(stderr, "Found slot without user PIN\n");
- PKCS11_release_all_slots(ctx->pkcs11_ctx, slot_list, slot_count);
return NULL;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git
More information about the pkg-opensc-commit
mailing list