CKey::SetSecret BIGNUM leak #650

issue xanatos opened this issue on November 21, 2011
  1. xanatos commented at 10:41 AM on November 21, 2011: none

    In key.h, CKey::SetSecret(const CSecret& vchSecret) there is a potential BIGNUM leak.

    Look at the line with if (!EC_KEY_regenerate_key(pkey,bn)). If it fails it throw, but it doesn't BN_clear_free(bn);.

        BIGNUM *bn = BN_bin2bn(&vchSecret[0],32,BN_new());
    if (bn == NULL) 
        throw key_error("CKey::SetSecret() : BN_bin2bn failed");
    if (!EC_KEY_regenerate_key(pkey,bn))
        throw key_error("CKey::SetSecret() : EC_KEY_regenerate_key failed");
    BN_clear_free(bn);

    I'll add that, to be consistent, you should put fSet = false; at the beginning of the function, because you are resetting the pkey and then re-put it at true at the end of the function if everything went ok.

  2. laanwj commented at 10:45 AM on November 21, 2011: member

    Yeah, C++ exceptions and manual memory allocation/dallocation is asking for trouble. We should make more use of the RAII idiom.

  3. sipa referenced this in commit 85c72e80ad on Feb 19, 2012
  4. sipa referenced this in commit a09f101f14 on Feb 19, 2012
  5. sipa closed this on Feb 20, 2012
  6. sje397 referenced this in commit 769f568d54 on Feb 28, 2012
  7. coblee referenced this in commit fafcbf0dfc on Jul 17, 2012
  8. coblee referenced this in commit 706b3ebf13 on Jul 17, 2012
  9. ptschip referenced this in commit 4584a407a0 on Jul 14, 2017
  10. toolboc referenced this in commit d0ec9be47d on Dec 28, 2017
  11. dexX7 referenced this in commit 4723e8326c on Jul 16, 2018
  12. elichai referenced this in commit 461acf5c6c on Aug 22, 2019
  13. elichai referenced this in commit 69b0efd59f on Aug 22, 2019
  14. sipa referenced this in commit 6b9cd1520b on Sep 24, 2019
  15. sipa referenced this in commit 544c1f35e7 on Nov 6, 2019
  16. sipa referenced this in commit d5cd9db7a3 on Nov 19, 2019
  17. sipa referenced this in commit de659898b6 on Jan 21, 2020
  18. sipa referenced this in commit 36362dfb90 on Jan 23, 2020
  19. jnewbery referenced this in commit 85e7d06351 on Mar 17, 2020
  20. sipa referenced this in commit 4977ac14d3 on Mar 18, 2020
  21. sipa referenced this in commit 5bf7fb5baa on Mar 18, 2020
  22. sipa referenced this in commit fb2a05e468 on Mar 19, 2020
  23. sipa referenced this in commit 497fad6f09 on Mar 21, 2020
  24. sipa referenced this in commit eae016f117 on Mar 22, 2020
  25. sipa referenced this in commit 4e37a7c2cb on Mar 27, 2020
  26. jnewbery referenced this in commit 9696dea839 on Apr 16, 2020
  27. jnewbery referenced this in commit a541fd0e87 on Apr 19, 2020
  28. sipa referenced this in commit c308759ea5 on Apr 19, 2020
  29. sipa referenced this in commit 4eaec32f1c on May 2, 2020
  30. sipa referenced this in commit ef7117193c on May 22, 2020
  31. sipa referenced this in commit 67f232b5d8 on Jun 9, 2020
  32. stackman27 referenced this in commit 78cde6f8c7 on Jun 26, 2020
  33. rajarshimaitra referenced this in commit 279379563c on Aug 5, 2021
  34. DrahtBot locked this on Sep 8, 2021
Contributors
xanatoslaanwj
Labels
Bug
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-29 03:16 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me