Fix a memory leak when getting SSL cert with RSA key in NSE

2025-12-06 04:31:29 +00:00 · 2019-06-20 23:11:10 +00:00
parent c752223c7b
commit ace7fbd0bd
2 changed files with 36 additions and 26 deletions
--- a/nse_openssl.cc
+++ b/nse_openssl.cc
@@ -46,14 +46,17 @@
 typedef struct bignum_data {
  BIGNUM * bn;
  bool should_free;
 } bignum_data_t;
-static int nse_pushbn( lua_State *L, BIGNUM *num )
+static int nse_pushbn( lua_State *L, BIGNUM *num)
 {
  bignum_data_t * data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t));
  luaL_getmetatable( L, "BIGNUM" );
  lua_setmetatable( L, -2 );
  data->bn = num;
  /* Currently this is true for all uses in this file. */
  data->should_free = true;
  return 1;
 }
@@ -235,7 +238,9 @@ static int l_bignum_bn2hex( lua_State *L ) /** bignum_bn2hex( BIGNUM bn ) */
 static int l_bignum_free( lua_State *L ) /** bignum_free( bignum ) */
 {
  bignum_data_t * userdata = (bignum_data_t *) luaL_checkudata(L, 1, "BIGNUM");
-  BN_clear_free( userdata->bn );
+  if (userdata->should_free) {
    BN_clear_free( userdata->bn );
  }
  return 0;
 }
--- a/nse_ssl_cert.cc
+++ b/nse_ssl_cert.cc
@@ -170,12 +170,11 @@ struct cert_userdata {
  int attributes_table;
 };
 /* from nse_openssl.cc */
 typedef struct bignum_data {
  BIGNUM * bn;
  bool should_free;
 } bignum_data_t;
 SSL *nse_nsock_get_ssl(lua_State *L);
 /* This is a reference to a table that will be used as the metatable for
@@ -633,6 +632,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
  if (pubkey == NULL) {
    lua_pushnil(L);
    lua_pushfstring(L, "Error parsing cert: %s", ERR_error_string(ERR_get_error(), NULL));
    X509_free(cert);
    return 2;
  }
 #define NSE_NUM_PKEY_FIELDS 4
@@ -651,28 +651,33 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
 #endif
  if (pkey_type == EVP_PKEY_RSA) {
    RSA *rsa = EVP_PKEY_get1_RSA(pubkey);
-    /* exponent */
+    if (rsa) {
-    bignum_data_t * data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t));
+      /* exponent */
-    luaL_getmetatable( L, "BIGNUM" );
+      bignum_data_t * data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t));
-    lua_setmetatable( L, -2 );
+      luaL_getmetatable( L, "BIGNUM" );
-  #if HAVE_OPAQUE_STRUCTS
+      lua_setmetatable( L, -2 );
-    const BIGNUM *n, *e;
+      data->should_free = false;
-    RSA_get0_key(rsa, &n, &e, NULL);
+#if HAVE_OPAQUE_STRUCTS
-    data->bn = (BIGNUM*) e;
+      const BIGNUM *n, *e;
-  #else
+      RSA_get0_key(rsa, &n, &e, NULL);
-    data->bn = rsa->e;
+      data->bn = (BIGNUM*) e;
-  #endif
+#else
-    lua_setfield(L, -2, "exponent");
+      data->bn = rsa->e;
-    /* modulus */
+#endif
-    data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t));
+      lua_setfield(L, -2, "exponent");
-    luaL_getmetatable( L, "BIGNUM" );
+      /* modulus */
-    lua_setmetatable( L, -2 );
+      data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t));
-  #if HAVE_OPAQUE_STRUCTS
+      luaL_getmetatable( L, "BIGNUM" );
-    data->bn = (BIGNUM*) n;
+      lua_setmetatable( L, -2 );
-  #else
+      data->should_free = false;
-    data->bn = rsa->n;
+#if HAVE_OPAQUE_STRUCTS
-  #endif
+      data->bn = (BIGNUM*) n;
-    lua_setfield(L, -2, "modulus");
+#else
      data->bn = rsa->n;
 #endif
      lua_setfield(L, -2, "modulus");
      RSA_free(rsa);
    }
  }
  lua_pushstring(L, pkey_type_to_string(pkey_type));
  lua_setfield(L, -2, "type");