Memory leak and NULL dereference fixes.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 27 Jun 2014 02:21:10 +0000 (03:21 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 27 Jun 2014 13:53:21 +0000 (14:53 +0100)
PR#3403
(cherry picked from commit d2aea038297e0c64ca66e6844cbb37377365885e)

apps/apps.c
apps/ca.c
apps/crl2p7.c
crypto/asn1/a_utctm.c
crypto/asn1/ameth_lib.c
crypto/asn1/asn_mime.c
crypto/asn1/asn_pack.c
crypto/asn1/bio_asn1.c
crypto/asn1/evp_asn1.c
crypto/asn1/t_x509.c
crypto/asn1/tasn_enc.c

index 6bf15f2c53cdda9ca6b5324cdcfd6475db86f687..8d7d2f9a9eb0956022ad22a3c44c6dcc4971f728 100644 (file)
@@ -390,6 +390,8 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
                {
                arg->count=20;
                arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
+               if (arg->data == NULL)
+                       return 0;
                }
        for (i=0; i<arg->count; i++)
                arg->data[i]=NULL;
@@ -1542,6 +1544,8 @@ char *make_config_name()
 
        len=strlen(t)+strlen(OPENSSL_CONF)+2;
        p=OPENSSL_malloc(len);
+       if (p == NULL)
+               return NULL;
        BUF_strlcpy(p,t,len);
 #ifndef OPENSSL_SYS_VMS
        BUF_strlcat(p,"/",len);
index 5d11948bb3e89d75cc582344e85e48cecbfaaf8b..3f628900d23c05fff7a8e8e9aaf60491e052e05a 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2752,6 +2752,9 @@ char *make_revocation_str(int rev_type, char *rev_arg)
 
        revtm = X509_gmtime_adj(NULL, 0);
 
+       if (!revtm)
+               return NULL;
+
        i = revtm->length + 1;
 
        if (reason) i += strlen(reason) + 1;
index bbc83774dbee7193bc38b988c7d2b38f2aef769d..42c6886b83f81e008b59b6188060ffc4040a0cca 100644 (file)
@@ -141,7 +141,13 @@ int MAIN(int argc, char **argv)
                        {
                        if (--argc < 1) goto bad;
                        if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
-                       sk_OPENSSL_STRING_push(certflst,*(++argv));
+                       if (!certflst)
+                               goto end;
+                       if (!sk_OPENSSL_STRING_push(certflst,*(++argv)))
+                               {
+                               sk_OPENSSL_STRING_free(certflst);
+                               goto end;
+                               }
                        }
                else
                        {
index 072e23659233479ce32b756276276638d95466a6..12776e304b6f45eb7d990f18c895ff3c1b816c2f 100644 (file)
@@ -196,24 +196,29 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
        struct tm *ts;
        struct tm data;
        size_t len = 20;
+       int free_s = 0;
 
        if (s == NULL)
+               {
+               free_s = 1;
                s=M_ASN1_UTCTIME_new();
+               }
        if (s == NULL)
-               return(NULL);
+               goto err;
+
 
        ts=OPENSSL_gmtime(&t, &data);
        if (ts == NULL)
-               return(NULL);
+               goto err;
 
        if (offset_day || offset_sec)
                { 
                if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
-                       return NULL;
+                       goto err;
                }
 
        if((ts->tm_year < 50) || (ts->tm_year >= 150))
-               return NULL;
+               goto err;
 
        p=(char *)s->data;
        if ((p == NULL) || ((size_t)s->length < len))
@@ -222,7 +227,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
                if (p == NULL)
                        {
                        ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE);
-                       return(NULL);
+                       goto err;
                        }
                if (s->data != NULL)
                        OPENSSL_free(s->data);
@@ -237,6 +242,10 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
        ebcdic2ascii(s->data, s->data, s->length);
 #endif
        return(s);
+       err:
+       if (free_s && s)
+               M_ASN1_UTCTIME_free(s);
+       return NULL;
        }
 
 
index 5a581b90ead7df33f0bac48248352e47053dd883..e2326f9e3ce91ed7d639e8a4ab9ff14cefff1397 100644 (file)
@@ -256,7 +256,12 @@ int EVP_PKEY_asn1_add_alias(int to, int from)
        if (!ameth)
                return 0;
        ameth->pkey_base_id = to;
-       return EVP_PKEY_asn1_add0(ameth);
+       if (!EVP_PKEY_asn1_add0(ameth))
+               {
+               EVP_PKEY_asn1_free(ameth);
+               return 0;
+               }
+       return 1;
        }
 
 int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags,
index 54a704a969ead5e66680da2e712aed00ae3101dc..13d003bce3cd5e77ce6445d03d05dca148078ea3 100644 (file)
@@ -667,6 +667,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
        int len, state, save_state = 0;
 
        headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+       if (!headers)
+               return NULL;
        while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
        /* If whitespace at line start then continuation line */
        if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
index ad738217d7786a4e4ebad367774b87bccc9a8f7c..00dbf5ad3c0a6276482daf5d496127b6e00d1c88 100644 (file)
@@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
                
        if (!(octmp->length = i2d(obj, NULL))) {
                ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
-               return NULL;
+               goto err;
        }
        if (!(p = OPENSSL_malloc (octmp->length))) {
                ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
-               return NULL;
+               goto err;
        }
        octmp->data = p;
        i2d (obj, &p);
        return octmp;
+       err:
+       if (!oct || !*oct)
+               {
+               ASN1_STRING_free(octmp);
+               if (oct)
+                       *oct = NULL;
+               }
+       return NULL;
 }
 
 #endif
index dc7efd551c05c99e7a9d1925ef23476544e0fa56..bca4eebf6d3fb62ab8abdfa15398764f983e1321 100644 (file)
@@ -154,7 +154,10 @@ static int asn1_bio_new(BIO *b)
        if (!ctx)
                return 0;
        if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE))
+               {
+               OPENSSL_free(ctx);
                return 0;
+               }
        b->init = 1;
        b->ptr = (char *)ctx;
        b->flags = 0;
index f3d9804860ec31fc09d885f18f3c6e3e47ad00da..1b9445973e49e803f57d2e927bff7a0b9f12704b 100644 (file)
@@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
        ASN1_STRING *os;
 
        if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
-       if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0);
+       if (!M_ASN1_OCTET_STRING_set(os,data,len))
+               {
+               M_ASN1_OCTET_STRING_free(os);
+               return 0;
+               }
        ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
        return(1);
        }
index 89e7a7f546e36b41cdf895219c6c28e8bda5ae8b..cdc42e762939dc1ba3b1110f5c7f46ba95d08394 100644 (file)
@@ -440,6 +440,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
        l=80-2-obase;
 
        b=X509_NAME_oneline(name,NULL,0);
+       if (!b)
+               return 0;
        if (!*b)
                {
                OPENSSL_free(b);
index 936ad1f767c686ce612378b342ac9cff00f008aa..1390e5e6aef7d12144cd63b1f4d79d4559e09d90 100644 (file)
@@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
                        {
                        derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
                                                * sizeof(*derlst));
+                       if (!derlst)
+                               return 0;
                        tmpdat = OPENSSL_malloc(skcontlen);
-                       if (!derlst || !tmpdat)
+                       if (!tmpdat)
+                               {
+                               OPENSSL_free(derlst);
                                return 0;
+                               }
                        }
                }
        /* If not sorting just output each item */