From d77514273aa88f67b85c398a222ab2195c42f5fd Mon Sep 17 00:00:00 2001 From: Ken Goldman Date: Tue, 31 Aug 2021 13:45:21 -0400 Subject: [PATCH 4/7] utils: Clean up certifyx509 memory allocation Make TPM_ADDTOCERT input const. Annotate malloc and free calls. Free TPM_PARTIAL_CERT. Use TPM_ADDTOCERT_free. Remove unused x509IssuerName and x509SubjectName and their frees. Free TPM_PARTIAL_CERT issuer and subject because createX509Name() mallocs. Signed-off-by: Ken Goldman --- utils/certifyx509.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/utils/certifyx509.c b/utils/certifyx509.c index 5602f62..8ac5abd 100644 --- a/utils/certifyx509.c +++ b/utils/certifyx509.c @@ -147,7 +147,7 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *certificate, TPM_RC reformCertificate(X509 *x509Certificate, TPMI_ALG_HASH halg, TPMI_ALG_SIG_SCHEME scheme, - TPM_ADDTOCERT *addToCert, + const TPM_ADDTOCERT *addToCert, TPMT_SIGNATURE *tSignature); TPM_RC addSignatureRsa(X509 *x509Certificate, TPMI_ALG_HASH halg, @@ -618,7 +618,7 @@ int main(int argc, char *argv[]) if (rc == 0) { if (verbose) X509_print_fp(stdout, x509Certificate); /* for debug */ rc = convertX509ToDer(&x509DerLength, - &x509Der, /* freed @2 */ + &x509Der, /* freed @4 */ x509Certificate); } if ((rc == 0) && (outCertificateFilename != NULL)) { @@ -628,8 +628,13 @@ int main(int argc, char *argv[]) if (x509Certificate != NULL) { X509_free(x509Certificate); /* @1 */ } - free(x509Der); /* @2 */ - OPENSSL_free(addToCert); /* @3 */ + if (partialCertificate != NULL) { + TPM_PARTIAL_CERT_free(partialCertificate); /* @2 */ + } + if (addToCert != NULL) { + TPM_ADDTOCERT_free(addToCert); /* @3 */ + } + free(x509Der); /* @4 */ return rc; } @@ -683,8 +688,6 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / int irc; ASN1_TIME *arc; /* return code */ - X509_NAME *x509IssuerName = NULL; /* composite issuer name, key/value pairs */ - X509_NAME *x509SubjectName = NULL;/* composite subject name, key/value pairs */ size_t issuerEntriesSize = sizeof(issuerEntries)/sizeof(char *); size_t subjectEntriesSize = sizeof(subjectEntries)/sizeof(char *); uint8_t *tmpPartialDer = NULL; /* for the i2d */ @@ -693,6 +696,9 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / if (rc == 0) { if (verbose) printf("createPartialCertificate: Adding issuer, size %lu\n", (unsigned long)issuerEntriesSize); + /* _new allocates the member. free it because createX509Name() allocates a new structure */ + X509_NAME_free(partialCertificate->issuer); + partialCertificate->issuer = NULL; rc = createX509Name(&partialCertificate->issuer, /* freed @1 */ issuerEntriesSize, issuerEntries); @@ -746,6 +752,8 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / if (!subeqiss) { if (verbose) printf("createPartialCertificate: Adding subject, size %lu\n", (unsigned long)subjectEntriesSize); + X509_NAME_free(partialCertificate->subject); + partialCertificate->subject = NULL; rc = createX509Name(&partialCertificate->subject, /* freed @2 */ subjectEntriesSize, subjectEntries); @@ -754,6 +762,8 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / else { if (verbose) printf("createPartialCertificate: Adding subject (issuer), size %lu\n", (unsigned long)issuerEntriesSize); + X509_NAME_free(partialCertificate->subject); + partialCertificate->subject = NULL; rc = createX509Name(&partialCertificate->subject, /* freed @2 */ issuerEntriesSize, issuerEntries); @@ -806,8 +816,6 @@ TPM_RC createPartialCertificate(TPM_PARTIAL_CERT *partialCertificate, /* input / if (verbose) X509_print_fp(stdout, x509Certificate); } #endif - X509_NAME_free(x509IssuerName); /* @1 */ - X509_NAME_free(x509SubjectName); /* @2 */ OPENSSL_free(tmpPartialDer); /* @3 */ return rc; } @@ -956,7 +964,7 @@ TPM_RC addPartialCertExtensionTpmaOid(TPM_PARTIAL_CERT *partialCertificate, TPM_RC reformCertificate(X509 *x509Certificate, TPMI_ALG_HASH halg, TPMI_ALG_SIG_SCHEME scheme, - TPM_ADDTOCERT *addToCert, + const TPM_ADDTOCERT *addToCert, TPMT_SIGNATURE *tSignature) { TPM_RC rc = 0; -- 2.34.1