Add checks on CRYPTO_new_ex_data return value

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/996)

diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index 94c97da369d5c038f408e938d97ed3737f47afe6..6ddc19fc9ae0f2a44ba7486245b74bbbc452a888 100644 (file)
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -93,7 +93,8 @@ int BIO_set(BIO *bio, const BIO_METHOD *method)
     bio->references = 1;
     bio->num_read = 0L;
     bio->num_write = 0L;
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data))
+        return 0;
 
     bio->lock = CRYPTO_THREAD_lock_new();
     if (bio->lock == NULL) {

diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
index d0bc716bb3cd67f12b4f5a6439d57e6814f3beff..5bcd24bcf8860fd95c84e1f87ce7382eaa58a54f 100644 (file)
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
@@ -83,7 +83,10 @@ ENGINE *ENGINE_new(void)
     }
     ret->struct_ref = 1;
     engine_ref_debug(ret, 0, 1);
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
     return ret;
 }
 

diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
index 7b08107f7a46ff2c69f6070a2ae3231b879adb47..cc5b5f1ecb5a3591fcd8b0ea21ba1ebc72d0cfb4 100644 (file)
--- a/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
@@ -92,7 +92,10 @@ UI *UI_new_method(const UI_METHOD *method)
     else
         ret->meth = method;
 
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
     return ret;
 }
 

diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index 22a7e5922d421e6125e1e3f45c0486c2701772b3..11e758be807648481e83e385f801dc1ab05df3df 100644 (file)
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -99,7 +99,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 #endif
         ret->aux = NULL;
         ret->crldp = NULL;
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+        if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data))
+            return 0;
         break;
 
     case ASN1_OP_FREE_POST:

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 81c4b6710e2cc9a6bf38a908158308b43b44fed0..e00c1191b5c377c1fca996e73dc760a02d688477 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -751,7 +751,8 @@ SSL *SSL_new(SSL_CTX *ctx)
     if (!SSL_clear(s))
         goto err;
 
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data))
+        goto err;
 
 #ifndef OPENSSL_NO_PSK
     s->psk_client_callback = ctx->psk_client_callback;
@@ -2441,7 +2442,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
     if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
         goto err;
 
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
+        goto err;
 
     /* No compression for DTLS */
     if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index d5b7fe33109325d95c389035645fb75227329311..3b9a9f75359e59b77a1179b26dccc3500673a404 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -198,8 +198,11 @@ SSL_SESSION *SSL_SESSION_new(void)
         return NULL;
     }
 
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
-
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) {
+        CRYPTO_THREAD_lock_free(ss->lock);
+        OPENSSL_free(ss);
+        return NULL;
+    }
     return ss;
 }