tss2/0004-utils-Clean-up-certifyx509-memory-allocation.patch

112 lines
4.5 KiB
Diff
Raw Normal View History

From d77514273aa88f67b85c398a222ab2195c42f5fd Mon Sep 17 00:00:00 2001
From: Ken Goldman <kgold@linux.ibm.com>
Date: Tue, 31 Aug 2021 13:45:21 -0400
Subject: [PATCH 4/7] utils: Clean up certifyx509 memory allocation
Make TPM_ADDTOCERT input const. Annotate malloc and free calls. Free
TPM_PARTIAL_CERT. Use TPM_ADDTOCERT_free. Remove unused
x509IssuerName and x509SubjectName and their frees. Free
TPM_PARTIAL_CERT issuer and subject because createX509Name() mallocs.
Signed-off-by: Ken Goldman <kgold@linux.ibm.com>
---
utils/certifyx509.c | 26 +++++++++++++++++---------
1 file changed, 17 insertions(+), 9 deletions(-)
diff --git a/utils/certifyx509.c b/utils/certifyx509.c
index 5602f62..8ac5abd 100644
--- a/utils/certifyx509.c
+++ b/utils/certifyx509.c
@@ -147,7 +147,7 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *certificate,
TPM_RC reformCertificate(X509 *x509Certificate,
TPMI_ALG_HASH halg,
TPMI_ALG_SIG_SCHEME scheme,
- TPM_ADDTOCERT *addToCert,
+ const TPM_ADDTOCERT *addToCert,
TPMT_SIGNATURE *tSignature);
TPM_RC addSignatureRsa(X509 *x509Certificate,
TPMI_ALG_HASH halg,
@@ -618,7 +618,7 @@ int main(int argc, char *argv[])
if (rc == 0) {
if (verbose) X509_print_fp(stdout, x509Certificate); /* for debug */
rc = convertX509ToDer(&x509DerLength,
- &x509Der, /* freed @2 */
+ &x509Der, /* freed @4 */
x509Certificate);
}
if ((rc == 0) && (outCertificateFilename != NULL)) {
@@ -628,8 +628,13 @@ int main(int argc, char *argv[])
if (x509Certificate != NULL) {
X509_free(x509Certificate); /* @1 */
}
- free(x509Der); /* @2 */
- OPENSSL_free(addToCert); /* @3 */
+ if (partialCertificate != NULL) {
+ TPM_PARTIAL_CERT_free(partialCertificate); /* @2 */
+ }
+ if (addToCert != NULL) {
+ TPM_ADDTOCERT_free(addToCert); /* @3 */
+ }
+ free(x509Der); /* @4 */
return rc;
}
@@ -683,8 +688,6 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input /
int irc;
ASN1_TIME *arc; /* return code */
- X509_NAME *x509IssuerName = NULL; /* composite issuer name, key/value pairs */
- X509_NAME *x509SubjectName = NULL;/* composite subject name, key/value pairs */
size_t issuerEntriesSize = sizeof(issuerEntries)/sizeof(char *);
size_t subjectEntriesSize = sizeof(subjectEntries)/sizeof(char *);
uint8_t *tmpPartialDer = NULL; /* for the i2d */
@@ -693,6 +696,9 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input /
if (rc == 0) {
if (verbose) printf("createPartialCertificate: Adding issuer, size %lu\n",
(unsigned long)issuerEntriesSize);
+ /* _new allocates the member. free it because createX509Name() allocates a new structure */
+ X509_NAME_free(partialCertificate->issuer);
+ partialCertificate->issuer = NULL;
rc = createX509Name(&partialCertificate->issuer, /* freed @1 */
issuerEntriesSize,
issuerEntries);
@@ -746,6 +752,8 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input /
if (!subeqiss) {
if (verbose) printf("createPartialCertificate: Adding subject, size %lu\n",
(unsigned long)subjectEntriesSize);
+ X509_NAME_free(partialCertificate->subject);
+ partialCertificate->subject = NULL;
rc = createX509Name(&partialCertificate->subject, /* freed @2 */
subjectEntriesSize,
subjectEntries);
@@ -754,6 +762,8 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input /
else {
if (verbose) printf("createPartialCertificate: Adding subject (issuer), size %lu\n",
(unsigned long)issuerEntriesSize);
+ X509_NAME_free(partialCertificate->subject);
+ partialCertificate->subject = NULL;
rc = createX509Name(&partialCertificate->subject, /* freed @2 */
issuerEntriesSize,
issuerEntries);
@@ -806,8 +816,6 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input /
if (verbose) X509_print_fp(stdout, x509Certificate);
}
#endif
- X509_NAME_free(x509IssuerName); /* @1 */
- X509_NAME_free(x509SubjectName); /* @2 */
OPENSSL_free(tmpPartialDer); /* @3 */
return rc;
}
@@ -956,7 +964,7 @@ TPM_RC addPartialCertExtensionTpmaOid(TPM_PARTIAL_CERT *partialCertificate,
TPM_RC reformCertificate(X509 *x509Certificate,
TPMI_ALG_HASH halg,
TPMI_ALG_SIG_SCHEME scheme,
- TPM_ADDTOCERT *addToCert,
+ const TPM_ADDTOCERT *addToCert,
TPMT_SIGNATURE *tSignature)
{
TPM_RC rc = 0;
--
2.34.1