/*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
char *dirpath = NULL;
OPENSSL_DIR_CTX *dirctx = NULL;
#endif
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ int numincludes = 0;
+#endif
if ((buff = BUF_MEM_new()) == NULL) {
ERR_raise(ERR_LIB_CONF, ERR_R_BUF_LIB);
}
section = OPENSSL_strdup("default");
- if (section == NULL) {
- ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE);
+ if (section == NULL)
goto err;
- }
if (_CONF_new_data(conf) == 0) {
- ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_CONF, ERR_R_CONF_LIB);
goto err;
}
goto err;
} else if (strcmp(p, "includedir") == 0) {
OPENSSL_free(conf->includedir);
- if ((conf->includedir = OPENSSL_strdup(pval)) == NULL) {
- ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE);
+ if ((conf->includedir = OPENSSL_strdup(pval)) == NULL)
goto err;
- }
}
/*
const char *include_dir = ossl_safe_getenv("OPENSSL_CONF_INCLUDE");
char *include_path = NULL;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ /*
+ * The include processing below can cause the "conf" fuzzer to
+ * timeout due to the fuzzer inserting large and complicated
+ * includes - with a large amount of time spent in
+ * OPENSSL_strlcat/OPENSSL_strcpy. This is not a security
+ * concern because config files should never come from untrusted
+ * sources. We just set an arbitrary limit on the allowed
+ * number of includes when fuzzing to prevent this timeout.
+ */
+ if (numincludes++ > 10)
+ goto err;
+#endif
+
if (include_dir == NULL)
include_dir = conf->includedir;
include_path = OPENSSL_malloc(newlen);
if (include_path == NULL) {
- ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE);
OPENSSL_free(include);
goto err;
}
/* push the currently processing BIO onto stack */
if (biosk == NULL) {
if ((biosk = sk_BIO_new_null()) == NULL) {
- ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_CONF, ERR_R_CRYPTO_LIB);
BIO_free(next);
goto err;
}
}
if (!sk_BIO_push(biosk, in)) {
- ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_CONF, ERR_R_CRYPTO_LIB);
BIO_free(next);
goto err;
}
start = eat_ws(conf, p);
trim_ws(conf, start);
- if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) {
- ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE);
+ if ((v = OPENSSL_malloc(sizeof(*v))) == NULL)
goto err;
- }
v->name = OPENSSL_strdup(pname);
v->value = NULL;
- if (v->name == NULL) {
- ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE);
+ if (v->name == NULL)
goto err;
- }
if (!str_copy(conf, psection, &(v->value), start))
goto err;
} else
tv = sv;
if (_CONF_add_string(conf, tv, v) == 0) {
- ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_CONF, ERR_R_CONF_LIB);
goto err;
}
v = NULL;
goto err;
}
if (!BUF_MEM_grow_clean(buf, newsize)) {
- ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_CONF, ERR_R_BUF_LIB);
goto err;
}
while (*p)
newlen = pathlen + namelen + 2;
newpath = OPENSSL_zalloc(newlen);
- if (newpath == NULL) {
- ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE);
+ if (newpath == NULL)
break;
- }
#ifdef OPENSSL_SYS_VMS
/*
* If the given path isn't clear VMS syntax,
static int is_keytype(const CONF *conf, char c, unsigned short type)
{
- const unsigned short * keytypes = (const unsigned short *) conf->meth_data;
+ const unsigned short *keytypes = (const unsigned short *) conf->meth_data;
unsigned char key = (unsigned char)c;
#ifdef CHARSET_EBCDIC
projects / openssl.git / blobdiff