From defe438d472bbef4d2bc5e4893560bc4eae43760 Mon Sep 17 00:00:00 2001 From: Jonas Maebe Date: Sun, 8 Dec 2013 22:53:29 +0100 Subject: [PATCH] pub_decode_gost94, pub_decode_gost01: check for NULL after allocating databuf pub_encode_gost94, pub_encode_gost01: check for NULL after allocating databuf and octet Signed-off-by: Kurt Roeckx Reviewed-by: Rich Salz --- engines/ccgost/e_gost_err.h | 1 + engines/ccgost/gost_ameth.c | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/engines/ccgost/e_gost_err.h b/engines/ccgost/e_gost_err.h index 6dc500079d..6049e300a3 100644 --- a/engines/ccgost/e_gost_err.h +++ b/engines/ccgost/e_gost_err.h @@ -111,6 +111,7 @@ void ERR_GOST_error(int function, int reason, char *file, int line); #define GOST_F_PUB_DECODE_GOST01 133 #define GOST_F_PUB_DECODE_GOST94 134 #define GOST_F_PUB_ENCODE_GOST01 135 +#define GOST_F_PUB_ENCODE_GOST94 141 #define GOST_F_UNPACK_CC_SIGNATURE 136 #define GOST_F_UNPACK_CP_SIGNATURE 137 diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c index 8b9230b9ab..f20f1a7c0b 100644 --- a/engines/ccgost/gost_ameth.c +++ b/engines/ccgost/gost_ameth.c @@ -624,6 +624,12 @@ static int pub_decode_gost94(EVP_PKEY *pk, X509_PUBKEY *pub) return 0; } databuf = OPENSSL_malloc(octet->length); + if (databuf == NULL) + { + GOSTerr(GOST_F_PUB_DECODE_GOST94,ERR_R_MALLOC_FAILURE); + ASN1_OCTET_STRING_free(octet); + return 0; + } for (i=0,j=octet->length-1;ilength;i++,j--) { databuf[j]=octet->data[i]; @@ -655,8 +661,19 @@ static int pub_encode_gost94(X509_PUBKEY *pub,const EVP_PKEY *pk) } data_len = BN_num_bytes(dsa->pub_key); databuf = OPENSSL_malloc(data_len); + if (databuf == NULL) + { + GOSTerr(GOST_F_PUB_ENCODE_GOST94,ERR_R_MALLOC_FAILURE); + return 0; + } BN_bn2bin(dsa->pub_key,databuf); octet = ASN1_OCTET_STRING_new(); + if (octet == NULL) + { + GOSTerr(GOST_F_PUB_ENCODE_GOST94,ERR_R_MALLOC_FAILURE); + OPENSSL_free(databuf); + return 0; + } ASN1_STRING_set(octet,NULL,data_len); sptr = ASN1_STRING_data(octet); for (i=0,j=data_len-1; i< data_len;i++,j--) @@ -695,6 +712,12 @@ static int pub_decode_gost01(EVP_PKEY *pk,X509_PUBKEY *pub) return 0; } databuf = OPENSSL_malloc(octet->length); + if (databuf == NULL) + { + GOSTerr(GOST_F_PUB_DECODE_GOST01,ERR_R_MALLOC_FAILURE); + ASN1_OCTET_STRING_free(octet); + return 0; + } for (i=0,j=octet->length-1;ilength;i++,j--) { databuf[j]=octet->data[i]; @@ -756,6 +779,7 @@ static int pub_encode_gost01(X509_PUBKEY *pub,const EVP_PKEY *pk) { GOSTerr(GOST_F_PUB_ENCODE_GOST01, GOST_R_PUBLIC_KEY_UNDEFINED); + BN_free(order); return 0; } X=BN_new(); @@ -765,6 +789,13 @@ static int pub_encode_gost01(X509_PUBKEY *pub,const EVP_PKEY *pk) data_len = 2*BN_num_bytes(order); BN_free(order); databuf = OPENSSL_malloc(data_len); + if (databuf == NULL) + { + GOSTerr(GOST_F_PUB_ENCODE_GOST01,ERR_R_MALLOC_FAILURE); + BN_free(X); + BN_free(Y); + return 0; + } memset(databuf,0,data_len); store_bignum(X,databuf+data_len/2,data_len/2); @@ -773,6 +804,12 @@ static int pub_encode_gost01(X509_PUBKEY *pub,const EVP_PKEY *pk) BN_free(X); BN_free(Y); octet = ASN1_OCTET_STRING_new(); + if (octet == NULL) + { + GOSTerr(GOST_F_PUB_ENCODE_GOST01,ERR_R_MALLOC_FAILURE); + OPENSSL_free(databuf); + return 0; + } ASN1_STRING_set(octet,NULL,data_len); sptr=ASN1_STRING_data(octet); for (i=0,j=data_len-1;i