From: Matt Caswell Date: Wed, 11 Mar 2015 20:19:08 +0000 (+0000) Subject: Fix dsa_pub_encode X-Git-Tag: OpenSSL_1_0_2a~33 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=20223855e418e1a4cd5f964e4e504d53b8a00fd4;p=oweals%2Fopenssl.git Fix dsa_pub_encode The return value from ASN1_STRING_new() was not being checked which could lead to a NULL deref in the event of a malloc failure. Also fixed a mem leak in the error path. Reviewed-by: Rich Salz (cherry picked from commit 0c7ca4033dcf5398334d4b78a7dfb941c8167a40) --- diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 529efb7adc..2a5cd71371 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -129,21 +129,23 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { DSA *dsa; - void *pval = NULL; int ptype; unsigned char *penc = NULL; int penclen; + ASN1_STRING *str = NULL; dsa = pkey->pkey.dsa; if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) { - ASN1_STRING *str; str = ASN1_STRING_new(); + if (!str) { + DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } str->length = i2d_DSAparams(dsa, &str->data); if (str->length <= 0) { DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } - pval = str; ptype = V_ASN1_SEQUENCE; } else ptype = V_ASN1_UNDEF; @@ -158,14 +160,14 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) } if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), - ptype, pval, penc, penclen)) + ptype, str, penc, penclen)) return 1; err: if (penc) OPENSSL_free(penc); - if (pval) - ASN1_STRING_free(pval); + if (str) + ASN1_STRING_free(str); return 0; }