From 8c30857e8fe943227b636826fceeab411c8b4628 Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Mon, 22 Jan 2024 16:02:59 +0100 Subject: [PATCH] Fix a possible memory leak in req_main if the private key is output to stdout using the HARNESS_OSSL_PREFIX, out is a stack of BIOs and must therefore free'd using BIO_free_all. Steps to reproduce: $ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/23365) (cherry picked from commit ff78d94b131d7bb3b761509d3ce0dd864b1420e3) --- apps/req.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/req.c b/apps/req.c index 3ce2b384969b6..00ef231e11574 100644 --- a/apps/req.c +++ b/apps/req.c @@ -704,7 +704,7 @@ int req_main(int argc, char **argv) } goto end; } - BIO_free(out); + BIO_free_all(out); out = NULL; BIO_printf(bio_err, "-----\n"); }