Memory leak and NULL dereference fixes.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 27 Jun 2014 02:21:10 +0000 (03:21 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 27 Jun 2014 02:21:10 +0000 (03:21 +0100)
PR#3403

apps/apps.c
apps/ca.c
apps/crl2p7.c
crypto/asn1/a_utctm.c
crypto/asn1/ameth_lib.c
crypto/asn1/asn_mime.c
crypto/asn1/asn_pack.c
crypto/asn1/bio_asn1.c
crypto/asn1/evp_asn1.c
crypto/asn1/t_x509.c
crypto/asn1/tasn_enc.c

index b76db10a5e5b3140a9bd2d6429e6cbf9b79b3d56..3e18289a4b5b8968ce412e2bcbb208ea8e51954f 100644 (file)
@@ -390,6 +390,8 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
                {
                arg->count=20;
                arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
+               if (arg->data == NULL)
+                       return 0;
                }
        for (i=0; i<arg->count; i++)
                arg->data[i]=NULL;
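Review bot: On allocation failure the new `return 0;` leaves `arg->count` at 20 while `arg->data` is NULL, so the ARGS struct is inconsistent. The condition guarding this block is above the hunk; if it keys off `arg->count` being zero, a later call with the same ARGS would skip the allocation and the loop just below would write through `arg->data[i]` with a NULL pointer. Resetting the count before returning avoids that: add `arg->count=0;` ahead of `return 0;`.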
@@ -1542,6 +1544,8 @@ char *make_config_name()
 
        len=strlen(t)+strlen(OPENSSL_CONF)+2;
        p=OPENSSL_malloc(len);
+       if (p == NULL)
+               return NULL;
        BUF_strlcpy(p,t,len);
 #ifndef OPENSSL_SYS_VMS
        BUF_strlcat(p,"/",len);
index 1cf50e00294d6355b99591c0b2ce6bdfdcf42df6..cf7c04482a249434e636f7370b3cf79640f3102c 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2777,6 +2777,9 @@ char *make_revocation_str(int rev_type, char *rev_arg)
 
        revtm = X509_gmtime_adj(NULL, 0);
 
+       if (!revtm)
+               return NULL;
+
        i = revtm->length + 1;
 
        if (reason) i += strlen(reason) + 1;
index bbc83774dbee7193bc38b988c7d2b38f2aef769d..42c6886b83f81e008b59b6188060ffc4040a0cca 100644 (file)
@@ -141,7 +141,13 @@ int MAIN(int argc, char **argv)
                        {
                        if (--argc < 1) goto bad;
                        if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
-                       sk_OPENSSL_STRING_push(certflst,*(++argv));
+                       if (!certflst)
+                               goto end;
+                       if (!sk_OPENSSL_STRING_push(certflst,*(++argv)))
+                               {
+                               sk_OPENSSL_STRING_free(certflst);
+                               goto end;
+                               }
                        }
                else
                        {
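Review bot: The push-failure branch frees `certflst` and jumps to `end` with the pointer still holding the freed address. The cleanup at `end:` is outside this hunk; if it frees or iterates `certflst`, now or after a later edit, this becomes a double free or use after free. Adding `certflst = NULL;` right after `sk_OPENSSL_STRING_free(certflst);` makes the path safe whatever the cleanup does. Both new `goto end` paths also exit without any message in the visible lines, so an allocation failure looks the same to the user as any other error.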
index 072e23659233479ce32b756276276638d95466a6..bbdc9b3222ab75d6a2f7794ba9e00f12885ee347 100644 (file)
@@ -196,24 +196,29 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
        struct tm *ts;
        struct tm data;
        size_t len = 20;
+       int free_s = 0;
 
        if (s == NULL)
+               {
+               free_s = 1;
                s=M_ASN1_UTCTIME_new();
+               }
        if (s == NULL)
-               return(NULL);
+               goto err;
+
 
        ts=OPENSSL_gmtime(&t, &data);
        if (ts == NULL)
-               return(NULL);
+               goto err;
 
        if (offset_day || offset_sec)
                { 
                if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
-                       return NULL;
+                       goto err;
                }
 
        if((ts->tm_year < 50) || (ts->tm_year >= 150))
-               return NULL;
+               goto err;
 
        p=(char *)s->data;
        if ((p == NULL) || ((size_t)s->length < len))
@@ -222,7 +227,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
                if (p == NULL)
                        {
                        ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE);
-                       return(NULL);
+                       goto err;
                        }
                if (s->data != NULL)
                        OPENSSL_free(s->data);
@@ -237,6 +242,10 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
        ebcdic2ascii(s->data, s->data, s->length);
 #endif
        return(s);
+       err:
+       if (free_s && s)
+               M_ASN1_UTCTIME_free(s);
+       return NULL;
        }
 
 
@@ -261,6 +270,11 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
        t -= offset*60; /* FIXME: may overflow in extreme cases */
 
        tm = OPENSSL_gmtime(&t, &data);
+       /* NB: -1, 0, 1 already valid return values so use -2 to
+        * indicate error.
+        */
+       if (tm == NULL)
+               return -2;
        
 #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
        year = g2(s->data);
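Review bot: The new -2 error return is documented only by a comment inside the body, so any caller that tests the result by sign (`< 0`, `<= 0`) will read a failed OPENSSL_gmtime() as "s is earlier than t". For a comparison that may feed certificate or CRL validity decisions, that is a silent wrong answer instead of a reported failure. The function's header comment and its declaration are outside this hunk; they should state something like `/* returns -1, 0 or 1 for the ordering, -2 on error */`, and existing callers should be checked for sign-based tests. The function body continues past the end of the hunk.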
index a19e058fca693f429868bd3e5d9be5ecec133fac..ef153d4615992b0d0eb58b9345f4087591b98499 100644 (file)
@@ -258,7 +258,12 @@ int EVP_PKEY_asn1_add_alias(int to, int from)
        if (!ameth)
                return 0;
        ameth->pkey_base_id = to;
-       return EVP_PKEY_asn1_add0(ameth);
+       if (!EVP_PKEY_asn1_add0(ameth))
+               {
+               EVP_PKEY_asn1_free(ameth);
+               return 0;
+               }
+       return 1;
        }
 
 int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags,
index 54a704a969ead5e66680da2e712aed00ae3101dc..13d003bce3cd5e77ce6445d03d05dca148078ea3 100644 (file)
@@ -667,6 +667,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
        int len, state, save_state = 0;
 
        headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+       if (!headers)
+               return NULL;
        while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
        /* If whitespace at line start then continuation line */
        if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
index ad738217d7786a4e4ebad367774b87bccc9a8f7c..00dbf5ad3c0a6276482daf5d496127b6e00d1c88 100644 (file)
@@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
                
        if (!(octmp->length = i2d(obj, NULL))) {
                ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
-               return NULL;
+               goto err;
        }
        if (!(p = OPENSSL_malloc (octmp->length))) {
                ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
-               return NULL;
+               goto err;
        }
        octmp->data = p;
        i2d (obj, &p);
        return octmp;
+       err:
+       if (!oct || !*oct)
+               {
+               ASN1_STRING_free(octmp);
+               if (oct)
+                       *oct = NULL;
+               }
+       return NULL;
 }
 
 #endif
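Review bot: The `err:` test `if (!oct || !*oct)` probably does not match the allocation case it is meant to undo. The branch that creates `octmp` is above the hunk; if it stores the new string into `*oct` before the `i2d` calls, then `*oct` is already non-NULL at `err:`, so the free only happens when `oct` itself is NULL and the inner `if (oct) *oct = NULL;` can never run. The caller is then left holding a half-built string in `*oct`. A local flag set where the string is allocated, as this commit does with `free_s` in ASN1_UTCTIME_adj, would make the cleanup exact. Separately, `!(octmp->length = i2d(obj, NULL))` catches only a zero return, so a negative error value from `i2d` reaches `OPENSSL_malloc` as the length; `<= 0` would reject it earlier.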
index dc7efd551c05c99e7a9d1925ef23476544e0fa56..bca4eebf6d3fb62ab8abdfa15398764f983e1321 100644 (file)
@@ -154,7 +154,10 @@ static int asn1_bio_new(BIO *b)
        if (!ctx)
                return 0;
        if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE))
+               {
+               OPENSSL_free(ctx);
                return 0;
+               }
        b->init = 1;
        b->ptr = (char *)ctx;
        b->flags = 0;
index f3d9804860ec31fc09d885f18f3c6e3e47ad00da..1b9445973e49e803f57d2e927bff7a0b9f12704b 100644 (file)
@@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
        ASN1_STRING *os;
 
        if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
-       if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0);
+       if (!M_ASN1_OCTET_STRING_set(os,data,len))
+               {
+               M_ASN1_OCTET_STRING_free(os);
+               return 0;
+               }
        ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
        return(1);
        }
index edbb39a02f7a5749e183de368b5bf8f34b4226f1..8e961f5e7d5943d2c4d5b8983f6848973ebddb62 100644 (file)
@@ -475,6 +475,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
        l=80-2-obase;
 
        b=X509_NAME_oneline(name,NULL,0);
+       if (!b)
+               return 0;
        if (!*b)
                {
                OPENSSL_free(b);
index 936ad1f767c686ce612378b342ac9cff00f008aa..1390e5e6aef7d12144cd63b1f4d79d4559e09d90 100644 (file)
@@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
                        {
                        derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
                                                * sizeof(*derlst));
+                       if (!derlst)
+                               return 0;
                        tmpdat = OPENSSL_malloc(skcontlen);
-                       if (!derlst || !tmpdat)
+                       if (!tmpdat)
+                               {
+                               OPENSSL_free(derlst);
                                return 0;
+                               }
                        }
                }
        /* If not sorting just output each item */