PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

Fix a memory leak when getting SSL cert with RSA key in NSE

Browse Source
This commit is contained in:
dmiller
2019-06-20 23:11:10 +00:00
parent c752223c7b
commit ace7fbd0bd
2 changed files with 36 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
nse_openssl.cc
View File

@@ -46,6 +46,7 @@
typedef struct bignum_data { typedef struct bignum_data {
BIGNUM * bn; BIGNUM * bn;
bool should_free;
} bignum_data_t; } bignum_data_t;
static int nse_pushbn( lua_State *L, BIGNUM *num) static int nse_pushbn( lua_State *L, BIGNUM *num)
@@ -54,6 +55,8 @@ static int nse_pushbn( lua_State *L, BIGNUM *num )
luaL_getmetatable( L, "BIGNUM" ); luaL_getmetatable( L, "BIGNUM" );
lua_setmetatable( L, -2 ); lua_setmetatable( L, -2 );
data->bn = num; data->bn = num;
/* Currently this is true for all uses in this file. */
data->should_free = true;
return 1; return 1;
} }
@@ -235,7 +238,9 @@ static int l_bignum_bn2hex( lua_State *L ) /** bignum_bn2hex( BIGNUM bn ) */
static int l_bignum_free( lua_State *L ) /** bignum_free( bignum ) */ static int l_bignum_free( lua_State *L ) /** bignum_free( bignum ) */
{ {
bignum_data_t * userdata = (bignum_data_t *) luaL_checkudata(L, 1, "BIGNUM"); bignum_data_t * userdata = (bignum_data_t *) luaL_checkudata(L, 1, "BIGNUM");
if (userdata->should_free) {
BN_clear_free( userdata->bn ); BN_clear_free( userdata->bn );
}
return 0; return 0;
} }

9
nse_ssl_cert.cc
View File

@@ -170,12 +170,11 @@ struct cert_userdata {
int attributes_table; int attributes_table;
}; };
/* from nse_openssl.cc */
typedef struct bignum_data { typedef struct bignum_data {
BIGNUM * bn; BIGNUM * bn;
bool should_free;
} bignum_data_t; } bignum_data_t;
SSL *nse_nsock_get_ssl(lua_State *L); SSL *nse_nsock_get_ssl(lua_State *L);
/* This is a reference to a table that will be used as the metatable for /* This is a reference to a table that will be used as the metatable for
@@ -633,6 +632,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
if (pubkey == NULL) { if (pubkey == NULL) {
lua_pushnil(L); lua_pushnil(L);
lua_pushfstring(L, "Error parsing cert: %s", ERR_error_string(ERR_get_error(), NULL)); lua_pushfstring(L, "Error parsing cert: %s", ERR_error_string(ERR_get_error(), NULL));
X509_free(cert);
return 2; return 2;
} }
#define NSE_NUM_PKEY_FIELDS 4 #define NSE_NUM_PKEY_FIELDS 4
@@ -651,10 +651,12 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
#endif #endif
if (pkey_type == EVP_PKEY_RSA) { if (pkey_type == EVP_PKEY_RSA) {
RSA *rsa = EVP_PKEY_get1_RSA(pubkey); RSA *rsa = EVP_PKEY_get1_RSA(pubkey);
if (rsa) {
/* exponent */ /* exponent */
bignum_data_t * data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t)); bignum_data_t * data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t));
luaL_getmetatable( L, "BIGNUM" ); luaL_getmetatable( L, "BIGNUM" );
lua_setmetatable( L, -2 ); lua_setmetatable( L, -2 );
data->should_free = false;
#if HAVE_OPAQUE_STRUCTS #if HAVE_OPAQUE_STRUCTS
const BIGNUM *n, *e; const BIGNUM *n, *e;
RSA_get0_key(rsa, &n, &e, NULL); RSA_get0_key(rsa, &n, &e, NULL);
@@ -667,12 +669,15 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t)); data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t));
luaL_getmetatable( L, "BIGNUM" ); luaL_getmetatable( L, "BIGNUM" );
lua_setmetatable( L, -2 ); lua_setmetatable( L, -2 );
data->should_free = false;
#if HAVE_OPAQUE_STRUCTS #if HAVE_OPAQUE_STRUCTS
data->bn = (BIGNUM*) n; data->bn = (BIGNUM*) n;
#else #else
data->bn = rsa->n; data->bn = rsa->n;
#endif #endif
lua_setfield(L, -2, "modulus"); lua_setfield(L, -2, "modulus");
RSA_free(rsa);
}
} }
lua_pushstring(L, pkey_type_to_string(pkey_type)); lua_pushstring(L, pkey_type_to_string(pkey_type));
lua_setfield(L, -2, "type"); lua_setfield(L, -2, "type");