Merge pull request #37407 from ClickHouse/certificates-mem-leak

Fix possible memory leaks in system.certificates implementation
2024-11-27 01:51:59 +00:00 · 2022-05-22 00:15:30 +03:00 · 2022-05-22 00:15:30 +03:00 · 790f442362
commit 790f442362
parent d878f193d8 4c13b52b6a
1 changed files with 16 additions and 5 deletions
--- a/src/Storages/System/StorageSystemCertificates.cpp
+++ b/src/Storages/System/StorageSystemCertificates.cpp
@ -45,6 +45,10 @@ static std::unordered_set<std::string> parse_dir(const std::string & dir)
 static void populateTable(const X509 * cert, MutableColumns & res_columns, const std::string & path, bool def)
 {
    BIO * b = BIO_new(BIO_s_mem());
+    SCOPE_EXIT(
+    {
+        BIO_free(b);
+    });
    size_t col = 0;

    res_columns[col++]->insert(X509_get_version(cert) + 1);
@ -53,11 +57,14 @@ static void populateTable(const X509 * cert, MutableColumns & res_columns, const
        char buf[1024] = {0};
        const ASN1_INTEGER * sn = cert->cert_info->serialNumber;
        BIGNUM * bnsn = ASN1_INTEGER_to_BN(sn, nullptr);
+        SCOPE_EXIT(
+        {
+            BN_free(bnsn);
+        });
        if (BN_print(b, bnsn) > 0 && BIO_read(b, buf, sizeof(buf)) > 0)
            res_columns[col]->insert(buf);
        else
            res_columns[col]->insertDefault();
-        BN_free(bnsn);
    }
    ++col;

@ -79,8 +86,11 @@ static void populateTable(const X509 * cert, MutableColumns & res_columns, const
    char * issuer = X509_NAME_oneline(cert->cert_info->issuer, nullptr, 0);
    if (issuer)
    {
+        SCOPE_EXIT(
+        {
+            OPENSSL_free(issuer);
+        });
        res_columns[col]->insert(issuer);
-        OPENSSL_free(issuer);
    }
    else
        res_columns[col]->insertDefault();
@ -107,8 +117,11 @@ static void populateTable(const X509 * cert, MutableColumns & res_columns, const
    char * subject = X509_NAME_oneline(cert->cert_info->subject, nullptr, 0);
    if (subject)
    {
+        SCOPE_EXIT(
+        {
+            OPENSSL_free(subject);
+        });
        res_columns[col]->insert(subject);
-        OPENSSL_free(subject);
    }
    else
        res_columns[col]->insertDefault();
@ -133,8 +146,6 @@ static void populateTable(const X509 * cert, MutableColumns & res_columns, const

    res_columns[col++]->insert(path);
    res_columns[col++]->insert(def);
-
-    BIO_free(b);
 }

 static void enumCertificates(const std::string & dir, bool def, MutableColumns & res_columns)