fix: free EVP_PKEY_CTX leak in _new_key_from_parameters() #99
@toddr-bot rebase

Rebase: fix: free EVP_PKEY_CTX leak in _new_key_from_parameters()
Branch Diff: 1 file changed, 1 insertion(+), 4 deletions(-)
Review feedback was analyzed and applied.
Actions
Automated by Kōan

6432ff7 to 80a0548

@toddr-bot review: perl -I blib/lib/ -I blib/arch/ t/bignum.t

❌ Permission denied. Only users with write access can trigger bot commands.

@toddr I can't give your bot commands. Tell it it needs to be followed with pctx = NULL:

@Koan-Bot @toddr-bot review

timlegge left a comment

need changes as perl comment
pctx = NULL;

@toddr-bot rebase

…meters()

On the OpenSSL 3.x code path, three resources were leaked:

- test_ctx (EVP_PKEY_CTX for key validation) was never freed after EVP_PKEY_check(). Fixed by capturing the check result, freeing test_ctx, then testing the result.
- pctx (EVP_PKEY_CTX for fromdata) was never freed in either the if(p||q) or else branch. Added EVP_PKEY_CTX_free(pctx) after EVP_PKEY_fromdata() succeeds in both branches.
- params_build (OSSL_PARAM_BLD) and params (OSSL_PARAM) were freed in the if(p||q) branch but leaked in the else branch. Added matching frees.

All three resources are also freed in the err: cleanup path (guarded by #if OPENSSL_VERSION_NUMBER >= 0x30000000L) to handle THROW() jumps. Normal-path frees NULL the pointers to prevent double-free on fall-through to err:.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

80a0548 to 8ec0346

Rebase: fix: free EVP_PKEY_CTX leak in _new_key_from_parameters()
Branch Diff: 1 file changed, 3 insertions(+), 6 deletions(-)
Review feedback was analyzed and applied.
Actions
CI
CI passed.
Automated by Kōan

❌ Permission denied. Only users with write access can trigger bot commands.

What
Free leaked EVP_PKEY_CTX, OSSL_PARAM_BLD, and OSSL_PARAM resources in _new_key_from_parameters() on the OpenSSL 3.x code path.

Why
Three memory leaks on every call to _new_key_from_parameters() with OpenSSL 3.x:
- test_ctx — allocated for EVP_PKEY_check(), never freed
- pctx — allocated for EVP_PKEY_fromdata(), never freed in either branch
- params_build/params — freed in the if(p||q) branch but leaked in the else branch

How
- test_ctx: Capture EVP_PKEY_check() result, free test_ctx immediately, then THROW on failure. This ensures cleanup even when the check fails.
- pctx/params_build/params: Free after EVP_PKEY_fromdata() in both branches (if/else), NULL the pointers to prevent double-free on fall-through.
- #if-guarded cleanup in err: label so THROW() jumps also free these resources. The NULL-after-free in normal paths makes this safe.

All three OpenSSL free functions (EVP_PKEY_CTX_free, OSSL_PARAM_BLD_free, OSSL_PARAM_free) are documented as no-ops on NULL input.

Testing

🤖 Generated with Claude Code

Quality Report
Changes: 1 file changed, 18 insertions(+), 1 deletion(-)
Code scan: clean
Tests: passed (OK)
Branch hygiene: clean
Generated by Kōan post-mission quality pipeline
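
The cleanup pattern the PR description lays out (capture the check result, free, NULL the pointer, free again under err:), as an added C model that is not the project's code and calls no OpenSSL. `res_new`, `res_free` and `leaked_after_call` are hypothetical stand-ins for the allocations named above; `fixed=0` reproduces the leaks the description lists.

```c
#include <stddef.h>

/* Constructed stand-ins for EVP_PKEY_CTX / OSSL_PARAM_BLD / OSSL_PARAM;
   no OpenSSL is called. Slots are never reused (the demo makes far fewer
   than 256 allocations), so a second free of the same pointer is counted
   instead of corrupting memory. */
typedef struct { int in_use; } res_t;
static res_t pool[256];
static size_t next_slot;
static int live, double_frees;

static res_t *res_new(void) {
    res_t *r = &pool[next_slot++];
    r->in_use = 1;
    live++;
    return r;
}

static void res_free(res_t *r) {          /* no-op on NULL, like the OpenSSL frees */
    if (r == NULL) return;
    if (!r->in_use) { double_frees++; return; }
    r->in_use = 0;
    live--;
}

/* fixed=0 models the leaks listed in the PR, fixed=1 the described fix.
   Returns how many objects are still allocated after the call. */
int leaked_after_call(int fixed, int have_pq, int fromdata_ok, int check_ok) {
    res_t *pctx = res_new(), *params_build = res_new(), *params = res_new();
    res_t *test_ctx = NULL;
    int before = live - 3, status;

    if (!fromdata_ok) goto err;                         /* models a THROW() jump */
    if (have_pq || fixed) {                             /* else branch frees only when fixed */
        res_free(params_build); params_build = NULL;
        res_free(params);       params = NULL;
    }
    if (fixed) { res_free(pctx); pctx = NULL; }         /* NULL after free */

    test_ctx = res_new();
    status = check_ok;                                  /* capture the check result first */
    if (fixed) { res_free(test_ctx); test_ctx = NULL; } /* free before acting on it */
    if (status != 1) goto err;
err:                                                    /* success falls through here too */
    if (fixed) {                                        /* safe: frees ignore NULL */
        res_free(pctx); res_free(params_build);
        res_free(params); res_free(test_ctx);
    }
    return live - before;
}
```
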