Memory leak and NULL dereference fixes.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 27 Jun 2014 02:21:10 +0000 (03:21 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 27 Jun 2014 13:35:07 +0000 (14:35 +0100)
PR#3403

apps/apps.c
apps/ca.c
apps/crl2p7.c
crypto/asn1/a_utctm.c
crypto/asn1/ameth_lib.c
crypto/asn1/asn_mime.c
crypto/asn1/asn_pack.c
crypto/asn1/bio_asn1.c
crypto/asn1/evp_asn1.c
crypto/asn1/t_x509.c
crypto/asn1/tasn_enc.c

index 9468848..7e1cf9c 100644 (file)
@@ -394,6 +394,8 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
                {
                arg->count=20;
                arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
+               if (arg->data == NULL)
+                       return 0;
                }
        for (i=0; i<arg->count; i++)
                arg->data[i]=NULL;
@@ -1663,6 +1665,8 @@ char *make_config_name()
 
        len=strlen(t)+strlen(OPENSSL_CONF)+2;
        p=OPENSSL_malloc(len);
+       if (p == NULL)
+               return NULL;
        BUF_strlcpy(p,t,len);
 #ifndef OPENSSL_SYS_VMS
        BUF_strlcat(p,"/",len);
index 934970d..bc5778d 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2800,6 +2800,9 @@ char *make_revocation_str(int rev_type, char *rev_arg)
 
        revtm = X509_gmtime_adj(NULL, 0);
 
+       if (!revtm)
+               return NULL;
+
        i = revtm->length + 1;
 
        if (reason) i += strlen(reason) + 1;
index bbc8377..42c6886 100644 (file)
@@ -141,7 +141,13 @@ int MAIN(int argc, char **argv)
                        {
                        if (--argc < 1) goto bad;
                        if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
-                       sk_OPENSSL_STRING_push(certflst,*(++argv));
+                       if (!certflst)
+                               goto end;
+                       if (!sk_OPENSSL_STRING_push(certflst,*(++argv)))
+                               {
+                               sk_OPENSSL_STRING_free(certflst);
+                               goto end;
+                               }
                        }
                else
                        {
index 2da5f25..468123c 100644 (file)
@@ -240,24 +240,29 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
        struct tm *ts;
        struct tm data;
        size_t len = 20;
+       int free_s = 0;
 
        if (s == NULL)
+               {
+               free_s = 1;
                s=M_ASN1_UTCTIME_new();
+               }
        if (s == NULL)
-               return(NULL);
+               goto err;
+
 
        ts=OPENSSL_gmtime(&t, &data);
        if (ts == NULL)
-               return(NULL);
+               goto err;
 
        if (offset_day || offset_sec)
                { 
                if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
-                       return NULL;
+                       goto err;
                }
 
        if((ts->tm_year < 50) || (ts->tm_year >= 150))
-               return NULL;
+               goto err;
 
        p=(char *)s->data;
        if ((p == NULL) || ((size_t)s->length < len))
@@ -266,7 +271,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
                if (p == NULL)
                        {
                        ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE);
-                       return(NULL);
+                       goto err;
                        }
                if (s->data != NULL)
                        OPENSSL_free(s->data);
@@ -281,6 +286,10 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
        ebcdic2ascii(s->data, s->data, s->length);
 #endif
        return(s);
+       err:
+       if (free_s && s)
+               M_ASN1_UTCTIME_free(s);
+       return NULL;
        }
 
 
index f317204..7df3076 100644 (file)
@@ -262,7 +262,12 @@ int EVP_PKEY_asn1_add_alias(int to, int from)
        if (!ameth)
                return 0;
        ameth->pkey_base_id = to;
-       return EVP_PKEY_asn1_add0(ameth);
+       if (!EVP_PKEY_asn1_add0(ameth))
+               {
+               EVP_PKEY_asn1_free(ameth);
+               return 0;
+               }
+       return 1;
        }
 
 int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags,
index 1208893..116c3e7 100644 (file)
@@ -683,6 +683,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
        int len, state, save_state = 0;
 
        headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+       if (!headers)
+               return NULL;
        while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
        /* If whitespace at line start then continuation line */
        if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
index ad73821..00dbf5a 100644 (file)
@@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
                
        if (!(octmp->length = i2d(obj, NULL))) {
                ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
-               return NULL;
+               goto err;
        }
        if (!(p = OPENSSL_malloc (octmp->length))) {
                ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
-               return NULL;
+               goto err;
        }
        octmp->data = p;
        i2d (obj, &p);
        return octmp;
+       err:
+       if (!oct || !*oct)
+               {
+               ASN1_STRING_free(octmp);
+               if (oct)
+                       *oct = NULL;
+               }
+       return NULL;
 }
 
 #endif
index dc7efd5..bca4eeb 100644 (file)
@@ -154,7 +154,10 @@ static int asn1_bio_new(BIO *b)
        if (!ctx)
                return 0;
        if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE))
+               {
+               OPENSSL_free(ctx);
                return 0;
+               }
        b->init = 1;
        b->ptr = (char *)ctx;
        b->flags = 0;
index f3d9804..1b94459 100644 (file)
@@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
        ASN1_STRING *os;
 
        if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
-       if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0);
+       if (!M_ASN1_OCTET_STRING_set(os,data,len))
+               {
+               M_ASN1_OCTET_STRING_free(os);
+               return 0;
+               }
        ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
        return(1);
        }
index 8eb0b79..111ea5a 100644 (file)
@@ -493,6 +493,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
        l=80-2-obase;
 
        b=X509_NAME_oneline(name,NULL,0);
+       if (!b)
+               return 0;
        if (!*b)
                {
                OPENSSL_free(b);
index 936ad1f..1390e5e 100644 (file)
@@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
                        {
                        derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
                                                * sizeof(*derlst));
+                       if (!derlst)
+                               return 0;
                        tmpdat = OPENSSL_malloc(skcontlen);
-                       if (!derlst || !tmpdat)
+                       if (!tmpdat)
+                               {
+                               OPENSSL_free(derlst);
                                return 0;
+                               }
                        }
                }
        /* If not sorting just output each item */