From: Danny Hu <dannyhu@arista.com>
To: keyrings@vger.kernel.org
Cc: dhowells@redhat.com, dwmw2@infradead.org, Danny Hu <dannyhu@arista.com>
Subject: [PATCH 1/2] sign-file: Fix memory leaks in the sign-file tool
Date: Fri, 18 Jul 2025 16:45:40 -0700 [thread overview]
Message-ID: <20250718234541.3087-1-dannyhu@arista.com> (raw)
Fix memory leaks in the sign-file tool by:
1. Freeing the strings that have been allocated via asprintf.
This includes sig_file_name and dest_name.
2. Initialize X509 and EVP_PKEY pointers with NULL to avoid
compiler warnings about uninitalized variables.
3. Ensuring that any structs which have been allocated are freed
with their respective free functions.
Signed-off-by: Danny Hu <dannyhu@arista.com>
---
scripts/sign-file.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 7070245edfc1..0fa9b75f1c77 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -230,14 +230,14 @@ int main(int argc, char **argv)
unsigned long module_size, sig_size;
unsigned int use_signed_attrs;
const EVP_MD *digest_algo;
- EVP_PKEY *private_key;
+ EVP_PKEY *private_key = NULL;
#ifndef USE_PKCS7
CMS_ContentInfo *cms = NULL;
unsigned int use_keyid = 0;
#else
PKCS7 *pkcs7 = NULL;
#endif
- X509 *x509;
+ X509 *x509 = NULL;
BIO *bd, *bm;
int opt, n;
OpenSSL_add_all_algorithms();
@@ -351,6 +351,7 @@ int main(int argc, char **argv)
ERR(i2d_PKCS7_bio(b, pkcs7) != 1,
"%s", sig_file_name);
#endif
+ free(sig_file_name);
BIO_free(b);
}
@@ -377,10 +378,14 @@ int main(int argc, char **argv)
module_size = BIO_number_written(bd);
if (!raw_sig) {
+ EVP_PKEY_free(private_key);
+ X509_free(x509);
#ifndef USE_PKCS7
ERR(i2d_CMS_bio_stream(bd, cms, NULL, 0) != 1, "%s", dest_name);
+ CMS_ContentInfo_free(cms);
#else
ERR(i2d_PKCS7_bio(bd, pkcs7) != 1, "%s", dest_name);
+ PKCS7_free(pkcs7);
#endif
} else {
BIO *b;
@@ -406,5 +411,6 @@ int main(int argc, char **argv)
if (replace_orig)
ERR(rename(dest_name, module_name) < 0, "%s", dest_name);
+ free(dest_name);
return 0;
}
--
2.47.0
next reply other threads:[~2025-07-18 23:46 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-18 23:45 Danny Hu [this message]
2025-07-18 23:45 ` [PATCH 2/2] sign-file: Extend sign-file tool to allow for certificate to be embedded in the signature Danny Hu
2025-07-22 19:32 ` [PATCH 1/2] sign-file: Fix memory leaks in the sign-file tool David Howells
2025-07-22 20:34 ` Danny Hu
2025-08-13 22:51 ` Danny Hu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250718234541.3087-1-dannyhu@arista.com \
--to=dannyhu@arista.com \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=keyrings@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).