This has been fixed in the latest version.

-----Original Message-----
From: owner-openssl-dev@openssl.org
[mailto:owner-openssl-dev@openssl.org] On Behalf Of Salivar.William
Sent: Thursday, April 03, 2008 3:20 PM
To: openssl-dev@openssl.org
Subject: Resource leak in bss_file.c

We have a scan tool that has detected a resource leak if the call to
BIO_new fails to allocate memory. The 'file' pointer is not cleaned up.

 97 BIO *BIO_new_file(const char *filename, const char *mode)
 98         {
 99         BIO *ret;
100         FILE *file;
101
Event alloc_fn: Called allocation function "fopen"
Event var_assign: Assigned variable "file" to storage returned from "fopen"
At conditional (1): "file = fopen == 0" taking false path
102         if ((file=fopen(filename,mode)) == NULL)
103                 {
104                 SYSerr(SYS_F_FOPEN,get_last_sys_error());
105                 ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
106                 if (errno == ENOENT)
107                         BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
108                 else
109                         BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
110                 return(NULL);
111                 }
At conditional (2): "ret = BIO_new == 0" taking true path
112         if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
Event leaked_storage: Returned without freeing storage "file"
113                 return(NULL);
114
115         BIO_set_fp(ret,file,BIO_CLOSE);
116         return(ret);
117         }

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
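
The error path flagged in the scan report, modeled without OpenSSL as an added example (not code from the original post or from the OpenSSL project): `wrapper`, `wrapper_new`, `tracked_fopen` and the `fail_alloc` flag are hypothetical stand-ins for `BIO`, `BIO_new` and `fopen`. It forces the allocation to fail and counts the streams left open by the reported shape and by a version that closes `file` before the early return; it assumes a writable working directory.

```c
#include <stdio.h>
#include <stdlib.h>
typedef struct { FILE *fp; } wrapper;  /* hypothetical stand-in for BIO */
static int open_files;  /* streams opened and not yet closed */
static int fail_alloc;  /* fault injection: make wrapper_new() fail */
static FILE *tracked_fopen(const char *name, const char *mode)
{
    FILE *f = fopen(name, mode);
    open_files += (f != NULL);
    return f;
}
static void tracked_fclose(FILE *f) { fclose(f); open_files--; }
/* Plays the role of BIO_new(); returns NULL when failure is injected. */
static wrapper *wrapper_new(void) { return fail_alloc ? NULL : calloc(1, sizeof(wrapper)); }

/* Same shape as the reported code: "file" is still open on return. */
wrapper *new_file_leaky(const char *name, const char *mode)
{
    wrapper *ret;
    FILE *file = tracked_fopen(name, mode);
    if (file == NULL) return NULL;
    if ((ret = wrapper_new()) == NULL) return NULL;  /* leaked_storage */
    ret->fp = file;
    return ret;
}
/* Hardened form: close the stream before the early return. */
wrapper *new_file_fixed(const char *name, const char *mode)
{
    wrapper *ret;
    FILE *file = tracked_fopen(name, mode);
    if (file == NULL) return NULL;
    if ((ret = wrapper_new()) == NULL) { tracked_fclose(file); return NULL; }
    ret->fp = file;
    return ret;
}
/* Streams left open after a forced allocation failure (-1 if none was forced). */
int leaked_after_failure(wrapper *(*ctor)(const char *, const char *))
{
    const char *path = "leak_demo.tmp";  /* constructed scratch file */
    open_files = 0; fail_alloc = 1;
    wrapper *w = ctor(path, "w");        /* "w" creates the file if absent */
    fail_alloc = 0;
    remove(path);
    return w == NULL ? open_files : -1;
}
int main(void)
{
    printf("leaky: %d, fixed: %d\n", leaked_after_failure(new_file_leaky),
           leaked_after_failure(new_file_fixed));
    return 0;
}
```

The same fault-injection pattern extends to any constructor that acquires two resources in sequence: fail the second acquisition and check that the first has been released.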