Check the return values where memory allocation failures may happen.
authorRichard Levitte <levitte@openssl.org>
Thu, 30 May 2002 16:47:45 +0000 (16:47 +0000)
committerRichard Levitte <levitte@openssl.org>
Thu, 30 May 2002 16:47:45 +0000 (16:47 +0000)
PR: 49

14 files changed:
crypto/asn1/a_enum.c
crypto/asn1/a_int.c
crypto/asn1/a_set.c
crypto/asn1/x_pubkey.c
crypto/bio/bf_nbio.c
crypto/bn/bn_div.c
crypto/bn/bn_mont.c
crypto/bn/bn_mul.c
crypto/evp/bio_enc.c
crypto/objects/o_names.c
crypto/objects/obj_dat.c
crypto/rsa/rsa_eay.c
crypto/txt_db/txt_db.c
crypto/x509v3/v3_ia5.c

index 8a315fa..35232d8 100644 (file)
@@ -151,7 +151,17 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
        else ret->type=V_ASN1_ENUMERATED;
        j=BN_num_bits(bn);
        len=((j == 0)?0:((j/8)+1));
-       ret->data=(unsigned char *)OPENSSL_malloc(len+4);
+       if (ret->length < len+4)
+               {
+               char *new_data=(char *)OPENSSL_realloc(ret->data, len+4);
+               if (!new_data)
+                       {
+                       ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+                       goto err;
+                       }
+               ret->data=new_data;
+               }
+
        ret->length=BN_bn2bin(bn,ret->data);
        return(ret);
 err:
index 496704b..8ae9827 100644 (file)
@@ -397,7 +397,16 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
        else ret->type=V_ASN1_INTEGER;
        j=BN_num_bits(bn);
        len=((j == 0)?0:((j/8)+1));
-       ret->data=(unsigned char *)OPENSSL_malloc(len+4);
+       if (ret->length < len+4)
+               {
+               char *new_data=(char *)OPENSSL_realloc(ret->data, len+4);
+               if (!new_data)
+                       {
+                       ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+                       goto err;
+                       }
+               ret->data=new_data;
+               }
        ret->length=BN_bn2bin(bn,ret->data);
        /* Correct zero case */
        if(!ret->length)
index 19bb60f..0f83982 100644 (file)
@@ -118,7 +118,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
                }
 
         pStart  = p; /* Catch the beg of Setblobs*/
-        rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
+        if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
 we will store the SET blobs */
 
         for (i=0; i<sk_num(a); i++)
@@ -135,7 +135,7 @@ SetBlob
  /* Now we have to sort the blobs. I am using a simple algo.
     *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
         qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
-        pTempMem = OPENSSL_malloc(totSize);
+        if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;
 
 /* Copy to temp mem */
         p = pTempMem;
index f1ddbf0..7f7952f 100644 (file)
@@ -119,7 +119,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
                dsa->write_params=0;
                ASN1_TYPE_free(a->parameter);
                i=i2d_DSAparams(dsa,NULL);
-               p=(unsigned char *)OPENSSL_malloc(i);
+               if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err;
                pp=p;
                i2d_DSAparams(dsa,&pp);
                a->parameter=ASN1_TYPE_new();
@@ -189,7 +189,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
                }
 
        if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
-       if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) goto err;
+       if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
+               {
+               X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+               goto err;
+               }
        p=s;
        i2d_PublicKey(pkey,&p);
        if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
index c193e9d..1ce2bfa 100644 (file)
@@ -103,7 +103,7 @@ static int nbiof_new(BIO *bi)
        {
        NBIO_TEST *nt;
 
-       nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST));
+       if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
        nt->lrn= -1;
        nt->lwn= -1;
        bi->ptr=(char *)nt;
index ac1a096..f9a095e 100644 (file)
@@ -200,10 +200,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 
        /* First we normalise the numbers */
        norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
-       BN_lshift(sdiv,divisor,norm_shift);
+       if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
        sdiv->neg=0;
        norm_shift+=BN_BITS2;
-       BN_lshift(snum,num,norm_shift);
+       if (!(BN_lshift(snum,num,norm_shift))) goto err;
        snum->neg=0;
        div_n=sdiv->top;
        num_n=snum->top;
@@ -327,7 +327,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
                tmp->top=j;
 
                j=wnum.top;
-               BN_sub(&wnum,&wnum,tmp);
+               if (!BN_sub(&wnum,&wnum,tmp)) goto err;
 
                snum->top=snum->top+wnum.top-j;
 
@@ -335,7 +335,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
                        {
                        q--;
                        j=wnum.top;
-                       BN_add(&wnum,&wnum,sdiv);
+                       if (!BN_add(&wnum,&wnum,sdiv)) goto err;
                        snum->top+=wnum.top-j;
                        }
                *(resp--)=q;
index 82942a4..c9ebdba 100644 (file)
@@ -221,7 +221,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
 
        if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
        if (!BN_add(t2,a,t1)) goto err;
-       BN_rshift(ret,t2,mont->ri);
+       if (!BN_rshift(ret,t2,mont->ri)) goto err;
 #endif /* MONT_WORD */
 
        if (BN_ucmp(ret, &(mont->N)) >= 0)
@@ -282,8 +282,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
                BN_ULONG buf[2];
 
                mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-               BN_zero(R);
-               BN_set_bit(R,BN_BITS2);                 /* R */
+               if (!(BN_zero(R))) goto err;
+               if (!(BN_set_bit(R,BN_BITS2))) goto err;        /* R */
 
                buf[0]=mod->d[0]; /* tmod = N mod word size */
                buf[1]=0;
index 7bffc9c..fd598b8 100644 (file)
@@ -964,7 +964,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 
        if ((al == 0) || (bl == 0))
                {
-               BN_zero(r);
+               if (!BN_zero(r)) goto err;
                return(1);
                }
        top=al+bl;
@@ -1044,7 +1044,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
                if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
                        {
                        BIGNUM *tmp_bn = (BIGNUM *)b;
-                       bn_wexpand(tmp_bn,al);
+                       if (bn_wexpand(tmp_bn,al) == NULL) goto err;
                        tmp_bn->d[bl]=0;
                        bl++;
                        i--;
@@ -1052,7 +1052,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
                else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
                        {
                        BIGNUM *tmp_bn = (BIGNUM *)a;
-                       bn_wexpand(tmp_bn,bl);
+                       if (bn_wexpand(tmp_bn,bl) == NULL) goto err;
                        tmp_bn->d[al]=0;
                        al++;
                        i++;
@@ -1067,14 +1067,14 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
                        t = BN_CTX_get(ctx);
                        if (al == j) /* exact multiple */
                                {
-                               bn_wexpand(t,k*2);
-                               bn_wexpand(rr,k*2);
+                               if (bn_wexpand(t,k*2) == NULL) goto err;
+                               if (bn_wexpand(rr,k*2) == NULL) goto err;
                                bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
                                }
                        else
                                {
-                               bn_wexpand(t,k*4);
-                               bn_wexpand(rr,k*4);
+                               if (bn_wexpand(t,k*4) == NULL) goto err;
+                               if (bn_wexpand(rr,k*4) == NULL) goto err;
                                bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
                                }
                        rr->top=top;
index 05f4249..64fb235 100644 (file)
@@ -110,8 +110,8 @@ static int enc_new(BIO *bi)
        BIO_ENC_CTX *ctx;
 
        ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
-       EVP_CIPHER_CTX_init(&ctx->cipher);
        if (ctx == NULL) return(0);
+       EVP_CIPHER_CTX_init(&ctx->cipher);
 
        ctx->buf_len=0;
        ctx->buf_off=0;
index 2b80243..b4453b4 100644 (file)
@@ -79,6 +79,8 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
                {
                MemCheck_off();
                name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
+               MemCheck_on();
+               if (!name_funcs) return(0);
                name_funcs->hash_func = lh_strhash;
                name_funcs->cmp_func = OPENSSL_strcmp;
                name_funcs->free_func = 0; /* NULL is often declared to
@@ -86,6 +88,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
                                                * to Compaq C is not really
                                                * compatible with a function
                                                * pointer.      -- Richard Levitte*/
+               MemCheck_off();
                sk_NAME_FUNCS_push(name_funcs_stack,name_funcs);
                MemCheck_on();
                }
index 8779ba7..3ff64bb 100644 (file)
@@ -236,7 +236,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
        if (added == NULL)
                if (!init_added()) return(0);
        if ((o=OBJ_dup(obj)) == NULL) goto err;
-       ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
+       if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err;
        if ((o->length != 0) && (obj->data != NULL))
                ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
        if (o->sn != NULL)
index d82dd15..0eda816 100644 (file)
@@ -479,10 +479,10 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
        int ret=0;
        BN_CTX *ctx;
 
-       if ((ctx=BN_CTX_new()) == NULL) goto err;
        BN_init(&m1);
        BN_init(&r1);
        BN_init(&vrfy);
+       if ((ctx=BN_CTX_new()) == NULL) goto err;
 
        if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
                {
index e6334d6..9b186f2 100644 (file)
@@ -122,7 +122,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
                else
                        {
                        buf->data[offset-1]='\0'; /* blat the '\n' */
-                       p=(char *)OPENSSL_malloc(add+offset);
+                       if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err;
                        offset=0;
                        }
                pp=(char **)p;
index f3bba38..f941445 100644 (file)
@@ -82,7 +82,7 @@ static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
 {
        char *tmp;
        if(!ia5 || !ia5->length) return NULL;
-       tmp = OPENSSL_malloc(ia5->length + 1);
+       if (!(tmp = OPENSSL_malloc(ia5->length + 1))) return NULL;
        memcpy(tmp, ia5->data, ia5->length);
        tmp[ia5->length] = 0;
        return tmp;