50eb3bc245
We sometimes do things like `memset(&cert, 0, sizeof(cert))` then
`copy_Certificate(&cert, &cert_copy)`, and then we end up leaking a
byte in `der_copy_octet_string()` due to it having this code:
```C
der_copy_octet_string (const heim_octet_string *from, heim_octet_string *to)
{
assert(from->length == 0 || (from->length > 0 && from->data != NULL));
if (from->length == 0)
to->data = calloc(1, 1);
else
to->data = malloc(from->length);
...
}
```
The traces where this happens always involve the `_save` field of
`Name` or `TBSCertificate`.
This code was assuming that length 0 octet strings are expected to have
a non-NULL `data`, probably in case the C library's allocator returns
non-NULL pointers for `malloc(0)`, but then, why not just call
`malloc(0)`? But calling `malloc(0)` would then still lead to this leak
in on such systems.
Now, `der_free_octet_string()` does unconditionally `free()` the
string's `data`, so the leak really is not there but elsewhere, probably
in `lib/asn1/template.c:_asn1_free()`, but it clearly does
`der_free_octet_string()` the `_save` field of types that have it.
Heimdal
Heimdal is an implementation of:
- ASN.1/DER,
- PKIX, and
- Kerberos.
For information how to install see here.
There are man pages for most of the commands.
Bug reports and bugs are appreciated. Use GitHub issues.
For more information see the project homepage https://heimdal.software/heimdal/ or the mailing lists:
heimdal-announce@heimdal.software low-volume announcement heimdal-discuss@heimdal.software high-volume discussion
send mail to heimdal-announce-subscribe@heimdal.software and heimdal-discuss-subscribe@heimdal.software respectively to subscribe.
Build Status