Check more return values in the SRP code

author Matt Caswell <matt@openssl.org>

Mon, 14 Jan 2019 11:22:42 +0000 (11:22 +0000)

committer Matt Caswell <matt@openssl.org>

Tue, 15 Jan 2019 11:29:40 +0000 (11:29 +0000)
author Matt Caswell <matt@openssl.org>
Mon, 14 Jan 2019 11:22:42 +0000 (11:22 +0000)
committer Matt Caswell <matt@openssl.org>
Tue, 15 Jan 2019 11:29:40 +0000 (11:29 +0000)
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c

index c43d27aec7e0270684584f7ee4029800a984d132..8cba189ef3b88b4c5607ed572a5bc822197ab215 100644 (file)
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -26,6 +26,7 @@ static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N)
      unsigned char *tmp = NULL;
      int numN = BN_num_bytes(N);
      BIGNUM *res = NULL;
+
      if (x != N && BN_ucmp(x, N) >= 0)
          return NULL;
      if (y != N && BN_ucmp(y, N) >= 0)
@@ -139,7 +140,8 @@ BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
          || !EVP_DigestFinal_ex(ctxt, dig, NULL)
          || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL))
          goto err;
-    BN_bn2bin(s, cs);
+    if (BN_bn2bin(s, cs) < 0)
+        goto err;
      if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)))
          goto err;
  
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c

index 7e32f096d0b70dbfb83974a407917574b369d333..d69e330ce36284c10923002b29e2d4024060b8c2 100644 (file)
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -614,10 +614,14 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
          if ((len = t_fromb64(tmp, sizeof(tmp), N)) <= 0)
              goto err;
          N_bn_alloc = BN_bin2bn(tmp, len, NULL);
+        if (N_bn_alloc == NULL)
+            goto err;
          N_bn = N_bn_alloc;
          if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0)
              goto err;
          g_bn_alloc = BN_bin2bn(tmp, len, NULL);
+        if (g_bn_alloc == NULL)
+            goto err;
          g_bn = g_bn_alloc;
          defgNid = "*";
      } else {
@@ -639,15 +643,19 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
              goto err;
          s = BN_bin2bn(tmp2, len, NULL);
      }
+    if (s == NULL)
+        goto err;
  
      if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn))
          goto err;
  
-    BN_bn2bin(v, tmp);
+    if (BN_bn2bin(v, tmp) < 0)
+        goto err;
      vfsize = BN_num_bytes(v) * 2;
      if (((vf = OPENSSL_malloc(vfsize)) == NULL))
          goto err;
-    t_tob64(vf, tmp, BN_num_bytes(v));
+    if (!t_tob64(vf, tmp, BN_num_bytes(v)))
+        goto err;
  
      if (*salt == NULL) {
          char *tmp_salt;
@@ -655,7 +663,10 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
          if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
              goto err;
          }
-        t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
+        if (!t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN)) {
+            OPENSSL_free(tmp_salt);
+            goto err;
+        }
          *salt = tmp_salt;
      }
  
@@ -702,6 +713,8 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
              goto err;
  
          salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+        if (salttmp == NULL)
+            goto err;
      } else {
          salttmp = *salt;
      }
author	Matt Caswell <matt@openssl.org>
	Mon, 14 Jan 2019 11:22:42 +0000 (11:22 +0000)
committer	Matt Caswell <matt@openssl.org>
	Tue, 15 Jan 2019 11:29:40 +0000 (11:29 +0000)
crypto/srp/srp_lib.c		patch \| blob \| history
crypto/srp/srp_vfy.c		patch \| blob \| history