common/ssl_util: Fix memory leak in ssl_mkreq()

uri_uuid was allocated by mem_printf(). In the comment it was stated that it will be freed if the corresponding req struct is freed. But that is not the case. Just free it now at the end of ssl_mkreq(). This fixes the following asan error: ================================================================= ==229==ERROR: LeakSanitizer: detected memory leaks Direct leak of 46 byte(s) in 1 object(s) allocated from: #0 0x7f2375007a2a in __interceptor_malloc ../../../../../../../../../work-shared/gcc-11.4.0-r0/gcc-11.4.0/libsanitizer/asan/asan_malloc_linux.cpp:145 #1 0x7f2374dd8236 in __vasprintf_internal /usr/src/debug/glibc/2.35-r0/git/libio/vasprintf.c:71 #2 0x7ffd7b4def97 ([stack]+0x1ff97) Fixes: ed54281 ("trustme github release (based on Android 5.1.1)") Signed-off-by: Michael Weiß <[email protected]>
gyroidos · Sep 30, 2024 · 8f5af2b · 8f5af2b
1 parent fb64450
commit 8f5af2b
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/common/ssl_util.c b/common/ssl_util.c
@@ -475,10 +475,10 @@ ssl_mkreq(EVP_PKEY *pkeyp, const char *common_name, const char *uid, UNUSED bool
 		goto error;
 	}
 
-	// free'd when X509_req is free'd
 	char *uri_uuid = mem_printf("URI:UUID:%s", uid);
 	if (add_ext_req(exts, NID_subject_alt_name, uri_uuid) != 0) {
 		ERROR("Error setting CSR extension (NID_subject_alt_name)");
+		mem_free0(uri_uuid);
 		goto error;
 	}
 
@@ -505,6 +505,7 @@ ssl_mkreq(EVP_PKEY *pkeyp, const char *common_name, const char *uid, UNUSED bool
 
 	DEBUG("Certificate request signed");
 
+	mem_free0(uri_uuid);
 	return req;
 
 error: