From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 1909B4112B
	for <ffmpegdev@gitmailbox.com>; Sun, 13 Jul 2025 19:28:05 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 5505E68E36F;
	Sun, 13 Jul 2025 22:25:52 +0300 (EEST)
Received: from btbn.de (btbn.de [144.76.60.213])
 by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 3CA2768E2F8
 for <ffmpeg-devel@ffmpeg.org>; Sun, 13 Jul 2025 22:25:28 +0300 (EEST)
Received: from [authenticated] by btbn.de (Postfix) with ESMTPSA id
 B8C4B27FD36C1; Sun, 13 Jul 2025 21:25:24 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rothenpieler.org;
 s=mail; t=1752434724;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=8sM6EdM7L/bX5jdcpX8KR8W+e4UxiNIcyS0eFNvfG40=;
 b=MN36ywNXBzcSRfNejSBjOF9UIjdlWZKJaLfU/Ln8/VUFlY8ehNqlhuljQ3LY3c3ITMIvLl
 eV5DMH/CnnO02pxf5XxIJn9sntUMq7/kYWSSv9twDrqerNjP06wvjassI7dc5/CD0K6loZ
 z4g8G4F1RPjvhElUuidItXiLd5qocV8EcKYHNzrwInKzJTKDNQOyFC1D+u/DwOF7wS9Iaq
 im6BoOWYjxjuXNo3R0Z+tayOOko5ThccuWkMPVN1dRlpZTjRkkfEV8LhOhOD5sHBxzyJCO
 fmgQU95AEW+x92wFErDdZvkG4/ls39oVGxl9O9BjGzGHI1V65NC1iS5GosLlGg==
From: Timo Rothenpieler <timo@rothenpieler.org>
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 13 Jul 2025 21:24:45 +0200
Message-ID: <20250713192512.928390-11-timo@rothenpieler.org>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <20250713192512.928390-1-timo@rothenpieler.org>
References: <20250713192512.928390-1-timo@rothenpieler.org>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 11/14] avformat/tls_openssl: properly free
 generated/read keys and certificates
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Timo Rothenpieler <timo@rothenpieler.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20250713192512.928390-11-timo@rothenpieler.org/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

---
 libavformat/tls_openssl.c | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index c58044b46b..34dd22daf7 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -161,8 +161,8 @@ int ff_ssl_read_key_cert(char *key_url, char *cert_url, char *key_buf, size_t ke
     int ret = 0;
     BIO *key_b = NULL, *cert_b = NULL;
     AVBPrint key_bp, cert_bp;
-    EVP_PKEY *pkey;
-    X509 *cert;
+    EVP_PKEY *pkey = NULL;
+    X509 *cert = NULL;
     char *key_tem = NULL, *cert_tem = NULL;
 
     /* To prevent a crash during cleanup, always initialize it. */
@@ -230,6 +230,8 @@ end:
     av_bprint_finalize(&cert_bp, NULL);
     av_free(key_tem);
     av_free(cert_tem);
+    EVP_PKEY_free(pkey);
+    X509_free(cert);
     return ret;
 }
 
@@ -255,7 +257,16 @@ static int openssl_gen_private_key(EVP_PKEY **pkey, EC_KEY **eckey)
 
 #if OPENSSL_VERSION_NUMBER < 0x30000000L /* OpenSSL 3.0 */
     *pkey = EVP_PKEY_new();
+    if (!*pkey)
+        return AVERROR(ENOMEM);
+
     *eckey = EC_KEY_new();
+    if (!*eckey) {
+        EVP_PKEY_free(*pkey);
+        *pkey = NULL;
+        return AVERROR(ENOMEM);
+    }
+
     ecgroup = EC_GROUP_new_by_curve_name(curve);
     if (!ecgroup) {
         av_log(NULL, AV_LOG_ERROR, "TLS: Create EC group by curve=%d failed, %s", curve, ERR_error_string(ERR_get_error(), NULL));
@@ -287,6 +298,10 @@ static int openssl_gen_private_key(EVP_PKEY **pkey, EC_KEY **eckey)
 
 einval_end:
     ret = AVERROR(EINVAL);
+    EC_KEY_free(*eckey);
+    EVP_PKEY_free(*pkey);
+    *eckey = NULL;
+    *pkey = NULL;
 end:
 #if OPENSSL_VERSION_NUMBER < 0x30000000L /* OpenSSL 3.0 */
     EC_GROUP_free(ecgroup);
@@ -368,6 +383,10 @@ enomem_end:
 einval_end:
     ret = AVERROR(EINVAL);
 end:
+    if (ret) {
+        X509_free(*cert);
+        *cert = NULL;
+    }
     X509_NAME_free(subject);
     return ret;
 }
@@ -395,6 +414,9 @@ int ff_ssl_gen_key_cert(char *key_buf, size_t key_sz, char *cert_buf, size_t cer
     av_free(key_tem);
     av_free(cert_tem);
 error:
+    X509_free(cert);
+    EC_KEY_free(ec_key);
+    EVP_PKEY_free(pkey);
     return ret;
 }
 
-- 
2.49.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".