From e1529e12f8850404f82d262ab19f45b419602468 Mon Sep 17 00:00:00 2001 From: Oguzhan Turk Date: Tue, 3 Mar 2026 10:57:01 +0100 Subject: [PATCH 1/4] tpm2tss_tpm2data_write, tpm2tss_tpm2data_read: fix memory leak - BIGNUM must be freed both on tpm2tss_tpm2data_write and tpm2tss_tpm2data_read: definitely lost: 24 bytes in 1 blocks indirectly lost: 8 bytes in 1 blocks Signed-off-by: Oguzhan Turk --- src/tpm2-tss-engine-common.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/tpm2-tss-engine-common.c b/src/tpm2-tss-engine-common.c index 9dc100d..5ecebd2 100755 --- a/src/tpm2-tss-engine-common.c +++ b/src/tpm2-tss-engine-common.c @@ -182,6 +182,8 @@ tpm2tss_tpm2data_write(const TPM2_DATA *tpm2Data, const char *filename) BN_set_word(bn_parent, TPM2_RH_OWNER); } BN_to_ASN1_INTEGER(bn_parent, tpk->parent); + BN_free(bn_parent); + ASN1_STRING_set(tpk->privkey, &privbuf[0], privbuf_len); ASN1_STRING_set(tpk->pubkey, &pubbuf[0], pubbuf_len); @@ -195,6 +197,8 @@ tpm2tss_tpm2data_write(const TPM2_DATA *tpm2Data, const char *filename) BIO_free(bio); if (tpk) TSSPRIVKEY_free(tpk); + if (bn_parent) + BN_free(bn_parent); return 0; } @@ -347,7 +351,7 @@ tpm2tss_tpm2data_read(const char *filename, TPM2_DATA **tpm2Datap) TSSPRIVKEY *tpk = NULL; TPM2_DATA *tpm2Data = NULL; char type_oid[64]; - BIGNUM *bn_parent; + BIGNUM *bn_parent = NULL; if ((bio = BIO_new_file(filename, "r")) == NULL) { ERR(tpm2tss_tpm2data_read, TPM2TSS_R_FILE_READ); @@ -382,6 +386,8 @@ tpm2tss_tpm2data_read(const char *filename, TPM2_DATA **tpm2Datap) } else { tpm2Data->parent = BN_get_word(bn_parent); } + BN_free(bn_parent); + if (tpm2Data->parent == 0) tpm2Data->parent = TPM2_RH_OWNER; @@ -415,6 +421,8 @@ tpm2tss_tpm2data_read(const char *filename, TPM2_DATA **tpm2Datap) BIO_free(bio); if (tpk) TSSPRIVKEY_free(tpk); + if (bn_parent) + BN_free(bn_parent); return 0; } From 26f5c869e6283c740a2fa20eb0a3993e3accef66 Mon Sep 17 00:00:00 2001 
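Review bot: In PATCH 1/4 the early `BN_free(bn_parent);` added after `BN_to_ASN1_INTEGER(...)` in tpm2tss_tpm2data_write, and after the `BN_get_word` branch in tpm2tss_tpm2data_read, leaves `bn_parent` non-NULL. The `if (bn_parent) BN_free(bn_parent);` added to each function's error path would then free it a second time on any `goto error` taken after that point. The lines between the early free and the error path are outside these hunks, so whether such a jump exists cannot be confirmed from here. It matters most in tpm2tss_tpm2data_read, which parses a key file, so a later failure there could be triggered by file contents. Either reset the pointer at both early frees, `BN_free(bn_parent); bn_parent = NULL;`, or drop the early frees and release `bn_parent` once on a shared exit path.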
From: Oguzhan Turk Date: Tue, 3 Mar 2026 10:58:49 +0100 Subject: [PATCH 2/4] tpm2tss_tpm2data_write: fix memory leak - TSSPRIVKEY's parent, privkey and pubkey members don't need to be allocated explicitly, because TSSPRIVKEY_new already does: definitely lost: 72 bytes in 3 blocks indirectly lost: 0 bytes in 0 blocks Signed-off-by: Oguzhan Turk --- src/tpm2-tss-engine-common.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/tpm2-tss-engine-common.c b/src/tpm2-tss-engine-common.c index 5ecebd2..be0998f 100755 --- a/src/tpm2-tss-engine-common.c +++ b/src/tpm2-tss-engine-common.c @@ -163,10 +163,7 @@ tpm2tss_tpm2data_write(const TPM2_DATA *tpm2Data, const char *filename) goto error; } tpk->type = OBJ_txt2obj(OID_loadableKey, 1); - tpk->parent = ASN1_INTEGER_new(); - tpk->privkey = ASN1_OCTET_STRING_new(); - tpk->pubkey = ASN1_OCTET_STRING_new(); - if (!tpk->type || !tpk->privkey || !tpk->pubkey || !tpk->parent) { + if (!tpk->type) { ERR(tpm2tss_tpm2data_write, ERR_R_MALLOC_FAILURE); goto error; } From 5d7a9347ac4d10a3695da8e9b2a153490f02d73f Mon Sep 17 00:00:00 2001 From: Oguzhan Turk Date: Tue, 3 Mar 2026 11:00:22 +0100 Subject: [PATCH 3/4] genkey_rsa: fix memory leak - TPM2_DATA* returned from RSA_get_app_data can be returned directly genkey_rsa() because RSA_free() doesn't free this item: definitely lost: 2,248 bytes in 1 blocks indirectly lost: 0 bytes in 0 blocks Signed-off-by: Oguzhan Turk --- src/tpm2tss-genkey.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/src/tpm2tss-genkey.c b/src/tpm2tss-genkey.c index a731897..bac4290 100644 --- a/src/tpm2tss-genkey.c +++ b/src/tpm2tss-genkey.c 
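Review bot: The reduced check `if (!tpk->type)` in tpm2tss_tpm2data_write (PATCH 2/4) now relies on TSSPRIVKEY_new() always returning non-NULL `parent`, `privkey` and `pubkey`, and nothing at the call site records that assumption. The TSSPRIVKEY template is not part of this diff, so the assumption holds only while those fields stay non-optional there. If one of them were made optional, the later `BN_to_ASN1_INTEGER(bn_parent, tpk->parent)` and `ASN1_STRING_set(tpk->privkey, ...)` calls would receive NULL. I would add a comment above the check: `/* parent, privkey and pubkey are allocated by TSSPRIVKEY_new(); only type is replaced here */`. The function body starts and ends outside the hunk.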
@@ -265,14 +265,7 @@ genkey_rsa() VERB("Key generated\n"); - TPM2_DATA *tpm2Data = OPENSSL_malloc(sizeof(*tpm2Data)); - if (tpm2Data == NULL) { - ERR("out of memory\n"); - BN_free(e); - RSA_free(rsa); - return NULL; - } - memcpy(tpm2Data, RSA_get_app_data(rsa), sizeof(*tpm2Data)); + TPM2_DATA *tpm2Data = RSA_get_app_data(rsa); BN_free(e); RSA_free(rsa); From 2843f9db9a9c7b338aa6da2dcf9b08cfcc08baa9 Mon Sep 17 00:00:00 2001 From: Oguzhan Turk Date: Tue, 3 Mar 2026 11:01:46 +0100 Subject: [PATCH 4/4] update .gitignore to cover more generated files Signed-off-by: Oguzhan Turk --- .gitignore | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.gitignore b/.gitignore index c5546bd..0115645 100644 --- a/.gitignore +++ b/.gitignore @@ -3,6 +3,8 @@ Makefile Makefile.in aclocal.m4 +ax_*.m4 +pkg.m4 aminclude_static.am autom4te.cache/ compile @@ -16,6 +18,7 @@ install-sh libtool libtpm2.la ltmain.sh +stamp-h1 m4/libtool.m4 m4/ltoptions.m4 m4/ltsugar.m4 @@ -26,6 +29,7 @@ src/.dirstamp src/.libs/ src/*.o src/*.lo +src/config.h tpm2tss-genkey libtpm2tss.la *.gcno @@ -44,3 +48,5 @@ test/error_tpm2-tss-engine-common test/*.o config.h.in VERSION +build/ +.vscode/
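Review bot: In genkey_rsa (PATCH 3/4, src/tpm2tss-genkey.c) the pointer from `RSA_get_app_data(rsa)` is now kept after `RSA_free(rsa)`, so the returned TPM2_DATA stays valid only if nothing run by RSA_free releases the app data. The commit message says it does not, but the engine's RSA method and any ex_data free callback are outside this diff, and if one of them frees the app data the caller is left with a dangling pointer. Detaching the pointer first makes the ownership transfer explicit: add `RSA_set_app_data(rsa, NULL);` before `RSA_free(rsa);`, with a comment that the caller now owns the buffer and must release it with the deallocator matching its original allocation. The function body starts and ends outside the hunk.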