

  1. From 1664902525a1c3771b4d8b3ccab7ea1ba6b2bdd1 Mon Sep 17 00:00:00 2001
  2. From: Holger Liebig <holger.liebig@ts.fujitsu.com>
  3. Date: Tue, 4 Apr 2017 20:43:05 +0200
  4. Subject: [PATCH 4/4] ID:480 - Call EVP_CIPHER_CTX_free() instead of
  5. EVP_CIPHER_CTX_cleanup()
  6. Call EVP_CIPHER_CTX_free() instead of EVP_CIPHER_CTX_cleanup() to fix memory
  7. leak.
  8. ---
  9. src/plugins/lanplus/lanplus_crypt_impl.c | 44 +++++++++++++++++---------------
  10. 1 file changed, 23 insertions(+), 21 deletions(-)
  11. diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c
  12. index 0e330c1..9652a5e 100644
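--- a/src/plugins/lanplus/lanplus_crypt_impl.c
+++ b/src/plugins/lanplus/lanplus_crypt_impl.c
@@ -165,13 +165,6 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 uint32_t * bytes_written)
 {
 EVP_CIPHER_CTX *ctx = NULL;
- ctx = EVP_CIPHER_CTX_new();
- if (ctx == NULL) {
- *bytes_written = 0;
- return;
- }
- EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
- EVP_CIPHER_CTX_set_padding(ctx, 0);
 *bytes_written = 0;
@@ -185,6 +178,14 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 printbuf(input, input_length, "encrypting this data");
 }
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
+ return;
+ }
+ EVP_CIPHER_CTX_init(ctx);
+ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
 /*
 * The default implementation adds a whole block of padding if the input
@@ -198,7 +199,6 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 {
 /* Error */
 *bytes_written = 0;
- return;
 }
 else
 {
@@ -206,16 +206,17 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv,
 if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
 {
+ /* Error */
 *bytes_written = 0;
- return; /* Error */
 }
 else
 {
 /* Success */
 *bytes_written += tmplen;
- EVP_CIPHER_CTX_cleanup(ctx);
 }
 }
+ /* performs cleanup and free */
+ EVP_CIPHER_CTX_free(ctx);
 }
@@ -243,13 +244,6 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 uint32_t * bytes_written)
 {
 EVP_CIPHER_CTX *ctx = NULL;
- ctx = EVP_CIPHER_CTX_new();
- if (ctx == NULL) {
- *bytes_written = 0;
- return;
- }
- EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
- EVP_CIPHER_CTX_set_padding(ctx, 0);
 if (verbose >= 5)
 {
@@ -258,12 +252,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 printbuf(input, input_length, "decrypting this data");
 }
-
 *bytes_written = 0;
 if (input_length == 0)
 return;
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed");
+ return;
+ }
+ EVP_CIPHER_CTX_init(ctx);
+ EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
+
 /*
 * The default implementation adds a whole block of padding if the input
 * data is perfectly aligned. We would like to keep that from happening.
@@ -277,7 +279,6 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 /* Error */
 lprintf(LOG_DEBUG, "ERROR: decrypt update failed");
 *bytes_written = 0;
- return;
 }
 else
 {
@@ -285,20 +286,21 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv,
 if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen))
 {
+ /* Error */
 char buffer[1000];
 ERR_error_string(ERR_get_error(), buffer);
 lprintf(LOG_DEBUG, "the ERR error %s", buffer);
 lprintf(LOG_DEBUG, "ERROR: decrypt final failed");
 *bytes_written = 0;
- return; /* Error */
 }
 else
 {
 /* Success */
 *bytes_written += tmplen;
- EVP_CIPHER_CTX_cleanup(ctx);
 }
 }
+ /* performs cleanup and free */
+ EVP_CIPHER_CTX_free(ctx);
 if (verbose >= 5)
 {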
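Review bot: The relocated setup in lanplus_encrypt_aes_cbc_128 still ignores the return values of `EVP_EncryptInit_ex()` and `EVP_CIPHER_CTX_set_padding()`, and lanplus_decrypt_aes_cbc_128 does the same with `EVP_DecryptInit_ex()`. A failed initialisation therefore reaches the update call with a context that has no cipher or key configured; how that behaves presumably depends on the OpenSSL version in use. Now that every path ends in `EVP_CIPHER_CTX_free(ctx)`, the check is cheap to add, e.g. `if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv)) { EVP_CIPHER_CTX_free(ctx); return; }`, with the mirror-image line for decrypt. The added `EVP_CIPHER_CTX_init(ctx);` right after `EVP_CIPHER_CTX_new()` looks redundant, since the context returned by `_new()` is already initialised, and could be dropped. Both function bodies are only partly visible in these hunks, so the callers' handling of `*bytes_written == 0` as the sole error signal could not be checked here.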
  127. --
  128. 2.16.1