From e57036f2bf810e807700c80d8ff4f7d100890100 Mon Sep 17 00:00:00 2001 From: FdaSilvaYY Date: Mon, 27 Jun 2016 21:58:32 +0200 Subject: [PATCH] Fix some memory error handling in CT Reviewed-by: Rich Salz Reviewed-by: Matt Caswell --- crypto/ct/ct_log.c | 37 ++++++++++++++++++++++--------------- include/openssl/ct.h | 2 ++ 2 files changed, 24 insertions(+), 15 deletions(-) diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c index 7298f1bfd4..b01bb5693e 100644 --- a/crypto/ct/ct_log.c +++ b/crypto/ct/ct_log.c @@ -58,15 +58,10 @@ static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new() { CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (ctx == NULL) { + if (ctx == NULL) CTerr(CT_F_CTLOG_STORE_LOAD_CTX_NEW, ERR_R_MALLOC_FAILURE); - goto err; - } return ctx; -err: - ctlog_store_load_ctx_free(ctx); - return NULL; } static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx) @@ -98,8 +93,10 @@ CTLOG_STORE *CTLOG_STORE_new(void) { CTLOG_STORE *ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) - goto err; + if (ret == NULL) { + CTerr(CT_F_CTLOG_STORE_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } ret->logs = sk_CTLOG_new_null(); if (ret->logs == NULL) @@ -107,7 +104,7 @@ CTLOG_STORE *CTLOG_STORE_new(void) return ret; err: - CTLOG_STORE_free(ret); + OPENSSL_free(ret); return NULL; } @@ -122,7 +119,7 @@ void CTLOG_STORE_free(CTLOG_STORE *store) static CTLOG *ctlog_new_from_conf(const CONF *conf, const char *section) { CTLOG *ret = NULL; - char *description = NCONF_get_string(conf, section, "description"); + const char *description = NCONF_get_string(conf, section, "description"); char *pkey_base64; if (description == NULL) { @@ -165,7 +162,7 @@ static int ctlog_store_load_log(const char *log_name, int log_name_len, void *arg) { CTLOG_STORE_LOAD_CTX *load_ctx = arg; - CTLOG *ct_log; + CTLOG *ct_log = NULL; /* log_name may not be null-terminated, so fix that before using it */ char *tmp; @@ -174,19 +171,27 @@ static int ctlog_store_load_log(const char *log_name, int log_name_len, return 1; tmp = OPENSSL_strndup(log_name, log_name_len); + if (tmp == NULL) + goto mem_err; + ct_log = ctlog_new_from_conf(load_ctx->conf, tmp); OPENSSL_free(tmp); if (ct_log == NULL) { + /* TODO: split invalid input case from internal failure */ /* If we can't load this log, record that fact and skip it */ ++load_ctx->invalid_log_entries; return 1; } if (!sk_CTLOG_push(load_ctx->log_store->logs, ct_log)) { - CTLOG_free(ct_log); - return -1; + goto mem_err; } return 1; + +mem_err: + CTLOG_free(ct_log); + CTerr(CT_F_CTLOG_STORE_LOAD_LOG, ERR_R_MALLOC_FAILURE); + return -1; } int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file) @@ -234,11 +239,13 @@ CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name) CTLOG *ret = CTLOG_new_null(); if (ret == NULL) - goto err; + return NULL; ret->name = OPENSSL_strdup(name); - if (ret->name == NULL) + if (ret->name == NULL) { + CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE); goto err; + } ret->public_key = public_key; if (ct_v1_log_id_from_pkey(public_key, ret->log_id) != 1) diff --git a/include/openssl/ct.h b/include/openssl/ct.h index f9586dc8a5..4ef6063dd8 100644 --- a/include/openssl/ct.h +++ b/include/openssl/ct.h @@ -491,6 +491,8 @@ void ERR_load_CT_strings(void); # define CT_F_CTLOG_NEW_NULL 120 # define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 # define CT_F_CTLOG_STORE_LOAD_FILE 123 +# define CT_F_CTLOG_STORE_LOAD_LOG 130 +# define CT_F_CTLOG_STORE_NEW 131 # define CT_F_CT_BASE64_DECODE 124 # define CT_F_CT_POLICY_EVAL_CTX_NEW 133 # define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 -- 2.34.1