Memory leak and NULL dereference fixes.

author Dr. Stephen Henson <steve@openssl.org>

Fri, 27 Jun 2014 02:21:10 +0000 (03:21 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Fri, 27 Jun 2014 13:53:21 +0000 (14:53 +0100)
author Dr. Stephen Henson <steve@openssl.org>
Fri, 27 Jun 2014 02:21:10 +0000 (03:21 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Fri, 27 Jun 2014 13:53:21 +0000 (14:53 +0100)
diff --git a/apps/apps.c b/apps/apps.c

index 6bf15f2c53cdda9ca6b5324cdcfd6475db86f687..8d7d2f9a9eb0956022ad22a3c44c6dcc4971f728 100644 (file)
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -390,6 +390,8 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
                 {
                 arg->count=20;
                 arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
+               if (arg->data == NULL)
+                       return 0;
                 }
         for (i=0; i<arg->count; i++)
                 arg->data[i]=NULL;
@@ -1542,6 +1544,8 @@ char *make_config_name()
  
         len=strlen(t)+strlen(OPENSSL_CONF)+2;
         p=OPENSSL_malloc(len);
+       if (p == NULL)
+               return NULL;
         BUF_strlcpy(p,t,len);
  #ifndef OPENSSL_SYS_VMS
         BUF_strlcat(p,"/",len);
diff --git a/apps/ca.c b/apps/ca.c

index 5d11948bb3e89d75cc582344e85e48cecbfaaf8b..3f628900d23c05fff7a8e8e9aaf60491e052e05a 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2752,6 +2752,9 @@ char *make_revocation_str(int rev_type, char *rev_arg)
  
         revtm = X509_gmtime_adj(NULL, 0);
  
+       if (!revtm)
+               return NULL;
+
         i = revtm->length + 1;
  
         if (reason) i += strlen(reason) + 1;
diff --git a/apps/crl2p7.c b/apps/crl2p7.c

index bbc83774dbee7193bc38b988c7d2b38f2aef769d..42c6886b83f81e008b59b6188060ffc4040a0cca 100644 (file)
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -141,7 +141,13 @@ int MAIN(int argc, char **argv)
                         {
                         if (--argc < 1) goto bad;
                         if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
-                       sk_OPENSSL_STRING_push(certflst,*(++argv));
+                       if (!certflst)
+                               goto end;
+                       if (!sk_OPENSSL_STRING_push(certflst,*(++argv)))
+                               {
+                               sk_OPENSSL_STRING_free(certflst);
+                               goto end;
+                               }
                         }
                 else
                         {
diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c

index 072e23659233479ce32b756276276638d95466a6..12776e304b6f45eb7d990f18c895ff3c1b816c2f 100644 (file)
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -196,24 +196,29 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
         struct tm *ts;
         struct tm data;
         size_t len = 20;
+       int free_s = 0;
  
         if (s == NULL)
+               {
+               free_s = 1;
                 s=M_ASN1_UTCTIME_new();
+               }
         if (s == NULL)
-               return(NULL);
+               goto err;
+
  
         ts=OPENSSL_gmtime(&t, &data);
         if (ts == NULL)
-               return(NULL);
+               goto err;
  
         if (offset_day || offset_sec)
                 { 
                 if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
-                       return NULL;
+                       goto err;
                 }
  
         if((ts->tm_year < 50) || (ts->tm_year >= 150))
-               return NULL;
+               goto err;
  
         p=(char *)s->data;
         if ((p == NULL) || ((size_t)s->length < len))
@@ -222,7 +227,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
                 if (p == NULL)
                         {
                         ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE);
-                       return(NULL);
+                       goto err;
                         }
                 if (s->data != NULL)
                         OPENSSL_free(s->data);
@@ -237,6 +242,10 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
         ebcdic2ascii(s->data, s->data, s->length);
  #endif
         return(s);
+       err:
+       if (free_s && s)
+               M_ASN1_UTCTIME_free(s);
+       return NULL;
         }
  
  
diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c

index 5a581b90ead7df33f0bac48248352e47053dd883..e2326f9e3ce91ed7d639e8a4ab9ff14cefff1397 100644 (file)
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -256,7 +256,12 @@ int EVP_PKEY_asn1_add_alias(int to, int from)
         if (!ameth)
                 return 0;
         ameth->pkey_base_id = to;
-       return EVP_PKEY_asn1_add0(ameth);
+       if (!EVP_PKEY_asn1_add0(ameth))
+               {
+               EVP_PKEY_asn1_free(ameth);
+               return 0;
+               }
+       return 1;
         }
  
  int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags,
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c

index 54a704a969ead5e66680da2e712aed00ae3101dc..13d003bce3cd5e77ce6445d03d05dca148078ea3 100644 (file)
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -667,6 +667,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
         int len, state, save_state = 0;
  
         headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+       if (!headers)
+               return NULL;
         while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
         /* If whitespace at line start then continuation line */
         if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c

index ad738217d7786a4e4ebad367774b87bccc9a8f7c..00dbf5ad3c0a6276482daf5d496127b6e00d1c88 100644 (file)
--- a/crypto/asn1/asn_pack.c
+++ b/crypto/asn1/asn_pack.c
@@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
                 
         if (!(octmp->length = i2d(obj, NULL))) {
                 ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
-               return NULL;
+               goto err;
         }
         if (!(p = OPENSSL_malloc (octmp->length))) {
                 ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
-               return NULL;
+               goto err;
         }
         octmp->data = p;
         i2d (obj, &p);
         return octmp;
+       err:
+       if (!oct || !*oct)
+               {
+               ASN1_STRING_free(octmp);
+               if (oct)
+                       *oct = NULL;
+               }
+       return NULL;
  }
  
  #endif
diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c

index dc7efd551c05c99e7a9d1925ef23476544e0fa56..bca4eebf6d3fb62ab8abdfa15398764f983e1321 100644 (file)
--- a/crypto/asn1/bio_asn1.c
+++ b/crypto/asn1/bio_asn1.c
@@ -154,7 +154,10 @@ static int asn1_bio_new(BIO *b)
         if (!ctx)
                 return 0;
         if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE))
+               {
+               OPENSSL_free(ctx);
                 return 0;
+               }
         b->init = 1;
         b->ptr = (char *)ctx;
         b->flags = 0;
diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c

index f3d9804860ec31fc09d885f18f3c6e3e47ad00da..1b9445973e49e803f57d2e927bff7a0b9f12704b 100644 (file)
--- a/crypto/asn1/evp_asn1.c
+++ b/crypto/asn1/evp_asn1.c
@@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
         ASN1_STRING *os;
  
         if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
-       if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0);
+       if (!M_ASN1_OCTET_STRING_set(os,data,len))
+               {
+               M_ASN1_OCTET_STRING_free(os);
+               return 0;
+               }
         ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
         return(1);
         }
diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c

index 89e7a7f546e36b41cdf895219c6c28e8bda5ae8b..cdc42e762939dc1ba3b1110f5c7f46ba95d08394 100644 (file)
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -440,6 +440,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
         l=80-2-obase;
  
         b=X509_NAME_oneline(name,NULL,0);
+       if (!b)
+               return 0;
         if (!*b)
                 {
                 OPENSSL_free(b);
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c

index 936ad1f767c686ce612378b342ac9cff00f008aa..1390e5e6aef7d12144cd63b1f4d79d4559e09d90 100644 (file)
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
                         {
                         derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
                                                 * sizeof(*derlst));
+                       if (!derlst)
+                               return 0;
                         tmpdat = OPENSSL_malloc(skcontlen);
-                       if (!derlst || !tmpdat)
+                       if (!tmpdat)
+                               {
+                               OPENSSL_free(derlst);
                                 return 0;
+                               }
                         }
                 }
         /* If not sorting just output each item */
author	Dr. Stephen Henson <steve@openssl.org>
	Fri, 27 Jun 2014 02:21:10 +0000 (03:21 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Fri, 27 Jun 2014 13:53:21 +0000 (14:53 +0100)
apps/apps.c		patch \| blob \| history
apps/ca.c		patch \| blob \| history
apps/crl2p7.c		patch \| blob \| history
crypto/asn1/a_utctm.c		patch \| blob \| history
crypto/asn1/ameth_lib.c		patch \| blob \| history
crypto/asn1/asn_mime.c		patch \| blob \| history
crypto/asn1/asn_pack.c		patch \| blob \| history
crypto/asn1/bio_asn1.c		patch \| blob \| history
crypto/asn1/evp_asn1.c		patch \| blob \| history
crypto/asn1/t_x509.c		patch \| blob \| history
crypto/asn1/tasn_enc.c		patch \| blob \| history