Skip to content

fix: free encoded point on write failure in s2n_ecc_evp_write_params_point#5964

Open
WesleyRosenblum wants to merge 2 commits into
mainfrom
WesleyRosenblum/pkeyleak
Open

fix: free encoded point on write failure in s2n_ecc_evp_write_params_point#5964
WesleyRosenblum wants to merge 2 commits into
mainfrom
WesleyRosenblum/pkeyleak

Conversation

@WesleyRosenblum

Copy link
Copy Markdown
Contributor

Goal

Fix a small memory leak on an error path in s2n_ecc_evp_write_params_point.

Why

In the EVP_APIS_SUPPORTED code path, EVP_PKEY_get1_tls_encodedpoint allocates the encoded EC point, which is then written to the output stuffer. If s2n_stuffer_write_bytes failed, the POSIX_GUARD returned early before reaching the OPENSSL_free(encoded_point) call, leaking the allocation.

The write fails when the output stuffer is non-growable and lacks room for the point. This is a small (tens of bytes), pre-authentication, repeatable leak — DoS-only, no memory corruption.

How

Declare encoded_point with DEFER_CLEANUP(..., OPENSSL_free_pointer) so it is freed on every exit path (size mismatch, write failure, and success). The size check becomes POSIX_ENSURE and the write keeps its POSIX_GUARD, with no manual OPENSSL_free calls to forget. This matches the existing cleanup-function pattern already used in this file (EVP_PKEY_free, EC_KEY_free, etc.).

Callouts

  • The #else (non-EVP) branch uses s2n_stuffer_raw_write and has no separate allocation to leak, so no change is needed there.

Testing

Added an error-path test to s2n_ecc_evp_test.c that, for every supported curve, allocates a non-growable stuffer one byte too small to hold the encoded point and asserts the write fails. This exercises the leak path; the leak is caught by valgrind/ASAN in CI. Existing success-path tests continue to pass.

Related

N/A

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

…point

Use DEFER_CLEANUP so the EVP-encoded EC point is freed on every exit path, including when the stuffer write fails. Previously the early return on write failure leaked the allocation. Adds an error-path test that triggers the write failure for leak detection under valgrind/ASAN.
@github-actions github-actions Bot added the s2n-core team label Jun 26, 2026
@WesleyRosenblum WesleyRosenblum marked this pull request as ready for review July 2, 2026 22:02
EXPECT_SUCCESS(s2n_ecc_evp_generate_ephemeral_key(&test_params));
EXPECT_NOT_NULL(test_params.evp_pkey);

EXPECT_FAILURE(s2n_ecc_evp_write_params_point(&test_params, &wire));

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
EXPECT_FAILURE(s2n_ecc_evp_write_params_point(&test_params, &wire));
EXPECT_ERROR_WITH_ERRNO(s2n_ecc_evp_write_params_point(&test_params, &wire), S2N_ERR_STUFFER_IS_FULL);

I think you should be able to assert on the exact error here. Pretty sure it should be stuffer is full error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants