From b50d5e532c53cbd7a48dd0864aeb9676486f67d0 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Fri, 19 Jul 2019 20:39:10 +0200 Subject: [PATCH] _asn1_expand_object_id: fix memory leak on error Signed-off-by: Nikos Mavrogiannopoulos --- lib/ASN1.y | 2 +- lib/parser_aux.c | 24 ++++++++++++++++++++++-- lib/parser_aux.h | 2 +- lib/structure.c | 2 +- 4 files changed, 25 insertions(+), 5 deletions(-) diff --git a/lib/ASN1.y b/lib/ASN1.y index 97f5a5c..5009173 100644 --- a/lib/ASN1.y +++ b/lib/ASN1.y @@ -703,7 +703,7 @@ asn1_parser2tree (const char *file, asn1_node * definitions, /* Convert into DER coding the value assign to INTEGER constants */ _asn1_change_integer_value (p_tree); /* Expand the IDs of OBJECT IDENTIFIER constants */ - result_parse = _asn1_expand_object_id (e_list, p_tree); + result_parse = _asn1_expand_object_id (&e_list, p_tree); if (result_parse != ASN1_SUCCESS) goto error; diff --git a/lib/parser_aux.c b/lib/parser_aux.c index 4232dc1..305cf16 100644 --- a/lib/parser_aux.c +++ b/lib/parser_aux.c @@ -65,6 +65,24 @@ _asn1_add_static_node (list_type **e_list, unsigned int type) return punt; } +static +int _asn1_add_static_node2 (list_type **e_list, asn1_node node) +{ + list_type *p; + + p = malloc (sizeof (list_type)); + if (p == NULL) + { + return -1; + } + + p->node = node; + p->next = *e_list; + *e_list = p; + + return 0; +} + /** * asn1_find_node: * @pointer: NODE_ASN element pointer. @@ -676,7 +694,7 @@ _asn1_change_integer_value (asn1_node node) /* otherwise ASN1_SUCCESS */ /******************************************************************/ int -_asn1_expand_object_id (list_type *list, asn1_node node) +_asn1_expand_object_id (list_type **list, asn1_node node) { asn1_node p, p2, p3, p4, p5; char name_root[ASN1_MAX_NAME_SIZE], name2[2 * ASN1_MAX_NAME_SIZE + 1]; @@ -713,7 +731,7 @@ _asn1_expand_object_id (list_type *list, asn1_node node) || !(p3->type & CONST_ASSIGN)) return ASN1_ELEMENT_NOT_FOUND; _asn1_set_down (p, p2->right); - _asn1_delete_node_from_list(list, p2); + _asn1_delete_node_from_list(*list, p2); _asn1_remove_node (p2, 0); p2 = p; p4 = p3->down; @@ -730,6 +748,8 @@ _asn1_expand_object_id (list_type *list, asn1_node node) if (tlen > 0) _asn1_set_value (p5, p4->value, tlen + 1); } + _asn1_add_static_node2(list, p5); + if (p2 == p) { _asn1_set_right (p5, p->down); diff --git a/lib/parser_aux.h b/lib/parser_aux.h index 5fbdbc0..8dda857 100644 --- a/lib/parser_aux.h +++ b/lib/parser_aux.h @@ -73,7 +73,7 @@ asn1_node _asn1_find_up (asn1_node node); int _asn1_change_integer_value (asn1_node node); #define EXPAND_OBJECT_ID_MAX_RECURSION 16 -int _asn1_expand_object_id (list_type *list, asn1_node node); +int _asn1_expand_object_id (list_type **list, asn1_node node); int _asn1_type_set_config (asn1_node node); diff --git a/lib/structure.c b/lib/structure.c index 9d8684c..4e371f3 100644 --- a/lib/structure.c +++ b/lib/structure.c @@ -246,7 +246,7 @@ asn1_array2tree (const asn1_static_node * array, asn1_node * definitions, if (result == ASN1_SUCCESS) { _asn1_change_integer_value (*definitions); - result = _asn1_expand_object_id (e_list, *definitions); + result = _asn1_expand_object_id (&e_list, *definitions); } } else -- 1.8.3.1