From 62349d85b5fb39e1dc61974b38594c7f0d58c29b Mon Sep 17 00:00:00 2001 From: Aaron Burghardt Date: Sun, 30 Jun 2013 20:33:42 -0400 Subject: Fixed memory leak in lockdownd_gen_pair_cert() when getting cert data using OpenSSL. --- src/lockdown.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/lockdown.c b/src/lockdown.c index 1319e5d..21aa334 100644 --- a/src/lockdown.c +++ b/src/lockdown.c @@ -1213,10 +1213,13 @@ lockdownd_error_t lockdownd_gen_pair_cert(key_data_t public_key, key_data_t * od /* copy buffer for output */ membp = BIO_new(BIO_s_mem()); if (membp && PEM_write_bio_X509(membp, dev_cert) > 0) { - odevice_cert->size = BIO_get_mem_data(membp, &odevice_cert->data); + void *datap; + odevice_cert->size = BIO_get_mem_data(membp, &datap); + odevice_cert->data = malloc(odevice_cert->size); + memcpy(odevice_cert->data, datap, odevice_cert->size); } if (membp) - free(membp); + BIO_free(membp); ohost_cert->data = malloc(pem_host_cert.size); memcpy(ohost_cert->data, pem_host_cert.data, pem_host_cert.size); -- cgit v1.1-32-gdbae