Hi,

I suggest some quick patches (memory leaks):
All OS.
All openssl versions.

1) in pk7_smime.c:
255a256
> sk_X509_free(signers);


New code:
tmpin =3D BIO_new_mem_buf(ptr, len);
if (tmpin =3D=3D NULL)
{
=09
PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE );
sk_X509_free(signers);
return 0;
}

2) in pk7_mime.c:
653c653,657
< if(!mhdr) return NULL;
---
> if(!mhdr) {
> if(tmpname) OPENSSL_free(tmpname);
> if(tmpval) OPENSSL_free(tmpval);
> return NULL;
> }


656c660,663
< if(!(mhdr->params =3D sk_MIME_PARAM_new(mime_param_cmp))) return
NULL;
---
> if(!(mhdr->params =3D sk_MIME_PARAM_new(mime_param_cmp))) {
> mime_hdr_free(mhdr); =20
> return NULL;
> }


Line 678:
< if(!tmpval) return 0;
-----
> if(!tmpval) {=20
> if(tmpname) OPENSSL_free(tmpname); =20
> return 0;=20
> }


Line 682:
< if(!mparam) return 0;
-----
> if(!mparam) {=20
> if(tmpname) OPENSSL_free(tmpname); =20
> if(tmpval) OPENSSL_free(tmpval);=20
> return 0;=20
> }


Thanks
Eric

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org