From a844f576995a19e08706e01cdfcc94fb971d402a Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Mon, 22 Jan 2024 16:02:59 +0100
Subject: [PATCH] Fix a possible memory leak in req_main

if the private key is output to stdout using the HARNESS_OSSL_PREFIX,
out is a stack of BIOs and must therefore free'd using BIO_free_all.

Steps to reproduce:

$ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null
[...]
Direct leak of 128 byte(s) in 1 object(s) allocated from:
    #0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202
    #2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222
    #3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83
    #4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95
    #5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014
    #6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175
    #7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203
    #8 0x555c5f528537 in req_main apps/req.c:683
    #9 0x555c5f50e315 in do_cmd apps/openssl.c:426
    #10 0x555c5f4c5575 in main apps/openssl.c:307
    #11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23365)

(cherry picked from commit ff78d94b131d7bb3b761509d3ce0dd864b1420e3)
---
 apps/req.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/req.c b/apps/req.c
index 5656f6767c88d..b02d26115f908 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -680,7 +680,7 @@ int req_main(int argc, char **argv)
             }
             goto end;
         }
-        BIO_free(out);
+        BIO_free_all(out);
         out = NULL;
         BIO_printf(bio_err, "-----\n");
     }