Add stack space reservations.
authorPauli <paul.dale@oracle.com>
Mon, 18 Sep 2017 22:48:14 +0000 (08:48 +1000)
committerPauli <paul.dale@oracle.com>
Wed, 27 Sep 2017 20:53:40 +0000 (06:53 +1000)
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4386)

crypto/async/async.c
crypto/x509v3/v3_info.c
ssl/ssl_cert.c
ssl/ssl_lib.c

index 1359b50..7678b48 100644 (file)
@@ -342,6 +342,8 @@ int ASYNC_init_thread(size_t max_size, size_t init_size)
         OPENSSL_free(pool);
         return 0;
     }
+    if (!sk_ASYNC_JOB_reserve(pool->jobs, init_size))
+        goto err;
 
     pool->max_size = max_size;
 
@@ -358,7 +360,7 @@ int ASYNC_init_thread(size_t max_size, size_t init_size)
             break;
         }
         job->funcargs = NULL;
-        sk_ASYNC_JOB_push(pool->jobs, job);
+        sk_ASYNC_JOB_push(pool->jobs, job); /* Cannot fail due to reserve */
         curr_size++;
     }
     pool->curr_size = curr_size;
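Review bot: The `/* Cannot fail due to reserve */` comment on the unchecked `sk_ASYNC_JOB_push()` only holds if the reservation added in the previous hunk really covers `init_size` entries, and that call passes a `size_t` to `sk_ASYNC_JOB_reserve()`, whose count parameter is an `int`. A value above `INT_MAX` is converted implicitly with an implementation-defined result, so the reserve could report success without guaranteeing room for every push, and a push that then failed would silently leak `job`. I would reject oversized values before reserving, e.g. `if (init_size > INT_MAX || !sk_ASYNC_JOB_reserve(pool->jobs, (int)init_size))`, unless a tighter bound is already enforced earlier in `ASYNC_init_thread`. The function body starts and ends outside these hunks, so I cannot confirm that.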
index c2c0949..6b98575 100644 (file)
@@ -107,20 +107,23 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
     CONF_VALUE *cnf, ctmp;
     ACCESS_DESCRIPTION *acc;
     int i, objlen;
+    const int num = sk_CONF_VALUE_num(nval);
     char *objtmp, *ptmp;
 
     if ((ainfo = sk_ACCESS_DESCRIPTION_new_null()) == NULL) {
         X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+    if (!sk_ACCESS_DESCRIPTION_reserve(ainfo, num))
+        goto err;
+    for (i = 0; i < num; i++) {
         cnf = sk_CONF_VALUE_value(nval, i);
-        if ((acc = ACCESS_DESCRIPTION_new()) == NULL
-            || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
+        if ((acc = ACCESS_DESCRIPTION_new()) == NULL) {
             X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
                       ERR_R_MALLOC_FAILURE);
             goto err;
         }
+        sk_ACCESS_DESCRIPTION_push(ainfo, acc); /* Cannot fail due to reserve */
         ptmp = strchr(cnf->name, ';');
         if (!ptmp) {
             X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
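Review bot: The new `sk_ACCESS_DESCRIPTION_reserve()` failure path jumps to `err` without queuing an error, while both allocation failures beside it raise `ERR_R_MALLOC_FAILURE`. A caller that gets NULL from this path therefore finds nothing on the error queue to explain it. I would brace the branch and add `X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE);` before the `goto err;`. The reserve checks added to `SSL_dup_CA_list` in ssl/ssl_cert.c and to `ssl_dane_dup` in ssl/ssl_lib.c return without an error in the same way. The `err` label and the end of this function are outside the hunk.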
index ba5fb65..a517cf1 100644 (file)
@@ -460,6 +460,7 @@ static void set0_CA_list(STACK_OF(X509_NAME) **ca_list,
 STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
 {
     int i;
+    const int num = sk_X509_NAME_num(sk);
     STACK_OF(X509_NAME) *ret;
     X509_NAME *name;
 
@@ -468,13 +469,16 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
         SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+    if (!sk_X509_NAME_reserve(ret, num))
+        return NULL;
+    for (i = 0; i < num; i++) {
         name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
-        if (name == NULL || !sk_X509_NAME_push(ret, name)) {
+        if (name == NULL) {
             sk_X509_NAME_pop_free(ret, X509_NAME_free);
             X509_NAME_free(name);
             return NULL;
         }
+        sk_X509_NAME_push(ret, name);   /* Cannot fail after reserve call */
     }
     return (ret);
 }
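Review bot: When `sk_X509_NAME_reserve(ret, num)` fails, the function returns NULL without releasing `ret`, so the empty stack allocated just above appears to leak. The allocation itself is outside the hunk, but its failure branch is visible in the context lines. Free it on that path: `if (!sk_X509_NAME_reserve(ret, num)) { sk_X509_NAME_free(ret); return NULL; }`. Separately, the `X509_NAME_free(name);` left in the `name == NULL` branch is now always called with NULL and can be dropped.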
index e04feec..85425a1 100644 (file)
@@ -161,6 +161,7 @@ static int ssl_dane_dup(SSL *to, SSL *from)
     if (!DANETLS_ENABLED(&from->dane))
         return 1;
 
+    num = sk_danetls_record_num(from->dane.trecs);
     dane_final(&to->dane);
     to->dane.flags = from->dane.flags;
     to->dane.dctx = &to->ctx->dane;
@@ -170,8 +171,9 @@ static int ssl_dane_dup(SSL *to, SSL *from)
         SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE);
         return 0;
     }
+    if (!sk_danetls_record_reserve(to->dane.trecs, num))
+        return 0;
 
-    num = sk_danetls_record_num(from->dane.trecs);
     for (i = 0; i < num; ++i) {
         danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);