cert_create: fix memory leak bug caused by key container overwrite
In the current code, both key_load() and key_create() call key_new()
to allocate a key container (and they do not free it even if they
fail). If a specific key is not given by the command option,
key_load() fails, then key_create() is called. At this point, the
key container that has been allocated in key_load() is still alive,
and it is overwritten by a new key container created by key_create().
Move the key_new() call to the main() function to make sure it is
called just once for each descriptor.
While we are here, let's fix one more bug; the error handling code
ERROR("Malloc error while loading '%s'\n", keys[i].fn);
is wrong because keys[i].fn is NULL pointer unless a specific key is
given by the command option. This code could be run in either case.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index f60997f..433f72c 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -73,6 +73,7 @@
/* Exported API */
int key_init(void);
key_t *key_get_by_opt(const char *opt);
+int key_new(key_t *key);
int key_create(key_t *key, int type);
int key_load(key_t *key, unsigned int *err_code);
int key_store(key_t *key);
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index a7ee759..47c152c 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -49,7 +49,7 @@
/*
* Create a new key container
*/
-static int key_new(key_t *key)
+int key_new(key_t *key)
{
/* Create key pair container */
key->key = EVP_PKEY_new();
@@ -123,11 +123,6 @@
return 0;
}
- /* Create OpenSSL key container */
- if (!key_new(key)) {
- return 0;
- }
-
if (key_create_fn[type]) {
return key_create_fn[type](key);
}
@@ -140,12 +135,6 @@
FILE *fp = NULL;
EVP_PKEY *k = NULL;
- /* Create OpenSSL key container */
- if (!key_new(key)) {
- *err_code = KEY_ERR_MALLOC;
- return 0;
- }
-
if (key->fn) {
/* Load key from file */
fp = fopen(key->fn, "r");
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index c58f41d..dac9e57 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -367,6 +367,11 @@
/* Load private keys from files (or generate new ones) */
for (i = 0 ; i < num_keys ; i++) {
+ if (!key_new(&keys[i])) {
+ ERROR("Failed to allocate key container\n");
+ exit(1);
+ }
+
/* First try to load the key from disk */
if (key_load(&keys[i], &err_code)) {
/* Key loaded successfully */
@@ -374,11 +379,7 @@
}
/* Key not loaded. Check the error code */
- if (err_code == KEY_ERR_MALLOC) {
- /* Cannot allocate memory. Abort. */
- ERROR("Malloc error while loading '%s'\n", keys[i].fn);
- exit(1);
- } else if (err_code == KEY_ERR_LOAD) {
+ if (err_code == KEY_ERR_LOAD) {
/* File exists, but it does not contain a valid private
* key. Abort. */
ERROR("Error loading '%s'\n", keys[i].fn);