Check the return from OPENSSL_buf2hexstr()

The function OPENSSL_buf2hexstr() can return NULL if it fails to allocate
memory so the callers should check its return value.

Fixes #10525

Reported-by: Ziyang Li (@Liby99)
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10526)

diff --git a/apps/kdf.c b/apps/kdf.c
index 66e7e7a7c1e34e41c9a590333d69010374d88606..82818f1ff3e5046066255aa7594565da5abf7682 100644 (file)
--- a/apps/kdf.c
+++ b/apps/kdf.c
@@ -138,6 +138,10 @@ opthelp:
         BIO_write(out, dkm_bytes, dkm_len);
     } else {
         hexout = OPENSSL_buf2hexstr(dkm_bytes, dkm_len);
+        if (hexout == NULL) {
+            BIO_printf(bio_err, "Memory allocation failure\n");
+            goto err;
+        }
         BIO_printf(out, "%s\n\n", hexout);
     }
 

diff --git a/apps/openssl.c b/apps/openssl.c
index 31f598815aa8f761d948cd1cca0113ae0bf8aab7..769555e5e1bc7d4e193501f407252df7ca058c05 100644 (file)
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -113,7 +113,8 @@ static size_t internal_trace_cb(const char *buf, size_t cnt,
         tid = CRYPTO_THREAD_get_current_id();
         hex = OPENSSL_buf2hexstr((const unsigned char *)&tid, sizeof(tid));
         BIO_snprintf(buffer, sizeof(buffer), "TRACE[%s]:%s: ",
-                     hex, OSSL_trace_get_category_name(category));
+                     hex == NULL ? "<null>" : hex,
+                     OSSL_trace_get_category_name(category));
         OPENSSL_free(hex);
         BIO_ctrl(trace_data->bio, PREFIX_CTRL_SET_PREFIX,
                  strlen(buffer), buffer);

diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c
index 27e987e0e1f24eac170f94a751a9c617605f9aff..e0184b077120420b1bc72afba73829619ca5c6f8 100644 (file)
--- a/crypto/err/err_prn.c
+++ b/crypto/err/err_prn.c
@@ -36,7 +36,8 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
             data = "";
         hex = OPENSSL_buf2hexstr((const unsigned char *)&tid, sizeof(tid));
         BIO_snprintf(buf, sizeof(buf), "%s:error:%s:%s:%s:%s:%d:%s\n",
-                     hex, lib, func, reason, file, line, data);
+                     hex == NULL ? "<null>" : hex, lib, func, reason, file,
+                     line, data);
         OPENSSL_free(hex);
         if (cb(buf, strlen(buf), u) <= 0)
             break;              /* abort outputting the error report */

diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c
index 779ad3cec9a0caf8500af74363bf4ef81eba5488..561dd804374905d8a9a7f918a38666caadcf21c3 100644 (file)
--- a/crypto/mem_dbg.c
+++ b/crypto/mem_dbg.c
@@ -374,8 +374,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
 
     hex = OPENSSL_buf2hexstr((const unsigned char *)&m->threadid,
                              sizeof(m->threadid));
-    n = BIO_snprintf(bufp, len, "thread=%s, number=%d, address=%p\n", hex,
-                     m->num, m->addr);
+    n = BIO_snprintf(bufp, len, "thread=%s, number=%d, address=%p\n",
+                     hex == NULL ? "<null>" : hex, m->num, m->addr);
     OPENSSL_free(hex);
     if (n <= 0)
         return;

diff --git a/crypto/x509/v3_akey.c b/crypto/x509/v3_akey.c
index b656b4b5029fe8a74249e8f184924ecfcc68194c..4898869b0b498ea372294de1691c2d6c9dfeeeee 100644 (file)
--- a/crypto/x509/v3_akey.c
+++ b/crypto/x509/v3_akey.c
@@ -42,13 +42,22 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
     char *tmp;
     if (akeyid->keyid) {
         tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);
-        X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL, tmp, &extlist);
+        if (tmp == NULL) {
+            ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL,
+                         tmp, &extlist);
         OPENSSL_free(tmp);
     }
     if (akeyid->issuer)
         extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
     if (akeyid->serial) {
         tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);
+        if (tmp == NULL) {
+            ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
         X509V3_add_value("serial", tmp, &extlist);
         OPENSSL_free(tmp);
     }