fuzz/cmp.c: Correct the usages of BIO_new()

Use BIO_free() to free "in" if an error occurs, to avoid a memory leak.
Moreover, add a check for "out" to avoid a NULL pointer dereference.
Also replace OPENSSL_assert with a return.

Fixes: e599d0a ("Add CMP fuzzing to fuzz/cmp.c, including a couple of helpers in crypto/cmp/")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 12 18:40:14 2026
(Merged from https://github.com/openssl/openssl/pull/27920)
Jiasheng Jiang
2025-07-03 19:26:48 +00:00
committed by Tomas Mraz
parent eea134e1f5
commit 669815e846


@@ -176,13 +176,26 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
return 0;
in = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(in, buf, (int)len) == len);
if ((size_t)BIO_write(in, buf, (int)len) != len) {
BIO_free(in);
return 0;
}
msg = d2i_OSSL_CMP_MSG_bio(in, NULL);
if (msg != NULL) {
BIO *out = BIO_new(BIO_s_null());
OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new(NULL, NULL);
OSSL_CMP_CTX *client_ctx = OSSL_CMP_CTX_new(NULL, NULL);
if (out == NULL) {
OSSL_CMP_CTX_free(client_ctx);
OSSL_CMP_SRV_CTX_free(srv_ctx);
OSSL_CMP_MSG_free(msg);
BIO_free(in);
ERR_clear_error();
return 0;
}
i2d_OSSL_CMP_MSG_bio(out, msg);
ASN1_item_print(out, (ASN1_VALUE *)msg, 4,
ASN1_ITEM_rptr(OSSL_CMP_MSG), NULL);