From 17197a2f61d04314b465b71a4ce164b5e219f15c Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 26 Nov 2019 17:15:20 +0000
Subject: [PATCH] Check the return from OPENSSL_buf2hexstr()
The function OPENSSL_buf2hexstr() can return NULL if it fails to allocate memory so the callers should check its return value.
Fixes #10525
Reported-by: Ziyang Li (@Liby99)
Reviewed-by: Matthias St. Pierre
(Merged from https://github.com/openssl/openssl/pull/10526)
---
 apps/kdf.c | 4 ++++
 apps/openssl.c | 3 ++-
 crypto/err/err_prn.c | 3 ++-
 crypto/mem_dbg.c | 4 ++--
 crypto/x509/v3_akey.c | 11 ++++++++++-
 5 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/apps/kdf.c b/apps/kdf.c
index 66e7e7a7c1..82818f1ff3 100644
--- a/apps/kdf.c
+++ b/apps/kdf.c
@@ -138,6 +138,10 @@ opthelp:
 BIO_write(out, dkm_bytes, dkm_len);
 } else {
 hexout = OPENSSL_buf2hexstr(dkm_bytes, dkm_len);
+ if (hexout == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
 BIO_printf(out, "%s\n\n", hexout);
 }
 
diff --git a/apps/openssl.c b/apps/openssl.c
index 31f598815a..769555e5e1 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -113,7 +113,8 @@ static size_t internal_trace_cb(const char *buf, size_t cnt,
 tid = CRYPTO_THREAD_get_current_id();
 hex = OPENSSL_buf2hexstr((const unsigned char *)&tid, sizeof(tid));
 BIO_snprintf(buffer, sizeof(buffer), "TRACE[%s]:%s: ",
- hex, OSSL_trace_get_category_name(category));
+ hex == NULL ? "" : hex,
+ OSSL_trace_get_category_name(category));
 OPENSSL_free(hex);
 BIO_ctrl(trace_data->bio, PREFIX_CTRL_SET_PREFIX,
 strlen(buffer), buffer);
diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c
index 27e987e0e1..e0184b0771 100644
--- a/crypto/err/err_prn.c
+++ b/crypto/err/err_prn.c
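Review bot: The new `goto err` on allocation failure depends on the `err:` label and the function's return value, both outside the hunk, so it is worth confirming that the return value still signals failure at that point rather than having been set to success before the output is written; `hexout` is NULL here, so an `OPENSSL_free(hexout)` at the label stays safe. `OPENSSL_buf2hexstr` appears to record a malloc-failure entry on the error queue when it returns NULL (to be confirmed in this tree), so if the `err` path does not already call `ERR_print_errors(bio_err);` the message printed here is the only diagnostic and the queue entry is left behind. The enclosing function starts and ends outside the hunk.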
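Review bot: Substituting `""` when `hex` is NULL leaves the prefix as `TRACE[]:` with nothing in the code telling a reader why the thread id can be missing; the same silent substitution is made in the crypto/err/err_prn.c and crypto/mem_dbg.c hunks. A one-line comment on the ternary would make the intent explicit, e.g. `/* hex is NULL only on allocation failure; emit an empty thread id rather than fail the callback */`. The body of internal_trace_cb starts and ends outside the hunk.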
@@ -36,7 +36,8 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
 data = "";
 hex = OPENSSL_buf2hexstr((const unsigned char *)&tid, sizeof(tid));
 BIO_snprintf(buf, sizeof(buf), "%s:error:%s:%s:%s:%s:%d:%s\n",
- hex, lib, func, reason, file, line, data);
+ hex == NULL ? "" : hex, lib, func, reason, file,
+ line, data);
 OPENSSL_free(hex);
 if (cb(buf, strlen(buf), u) <= 0)
 break; /* abort outputting the error report */
diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c
index 779ad3cec9..561dd80437 100644
--- a/crypto/mem_dbg.c
+++ b/crypto/mem_dbg.c
@@ -374,8 +374,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
 hex = OPENSSL_buf2hexstr((const unsigned char *)&m->threadid,
 sizeof(m->threadid));
- n = BIO_snprintf(bufp, len, "thread=%s, number=%d, address=%p\n", hex,
- m->num, m->addr);
+ n = BIO_snprintf(bufp, len, "thread=%s, number=%d, address=%p\n",
+ hex == NULL ? "" : hex, m->num, m->addr);
 OPENSSL_free(hex);
 if (n <= 0)
 return;
 
diff --git a/crypto/x509/v3_akey.c b/crypto/x509/v3_akey.c
index b656b4b502..4898869b0b 100644
--- a/crypto/x509/v3_akey.c
+++ b/crypto/x509/v3_akey.c
@@ -42,13 +42,22 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 char *tmp;
 if (akeyid->keyid) {
 tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);
- X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL, tmp, &extlist);
+ if (tmp == NULL) {
+ ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL,
+ tmp, &extlist);
 OPENSSL_free(tmp);
 }
 if (akeyid->issuer)
 extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
 if (akeyid->serial) {
 tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);
+ if (tmp == NULL) {
+ ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
 X509V3_add_value("serial", tmp, &extlist);
 OPENSSL_free(tmp);
 }
-- 
2.25.1
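Review bot: The empty-string fallback keeps `BIO_snprintf` safe, but the thread id is still produced by a heap allocation inside the loop that drains the error queue (the loop starts outside the hunk), and if `OPENSSL_buf2hexstr` pushes a malloc-failure entry onto that same queue when it returns NULL — it appears to in this tree, to be confirmed — each failed iteration adds an entry as the loop removes one, so the report may never terminate under sustained allocation failure. It is worth considering whether the thread id in the error-printing path should be formatted without allocating at all, which would remove both the NULL case and the queue interaction. Short of that, a comment such as `/* hex is NULL only on allocation failure; print an empty thread id */` on the ternary would document the fallback.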
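Review bot: The two new `return NULL` paths drop `extlist` without freeing it, so on the serial branch the entries already added for keyid and issuer leak whenever the list was allocated inside this function (the `&extlist` usage suggests `X509V3_add_value` grows it from whatever the caller passed, but the signature is cut off in the hunk header, so confirm who owns the list). The return value of both `X509V3_add_value` calls is still ignored, so an allocation failure there yields a partial list with no error raised. The sketch below routes every failure through one `err` label that frees the list only when this function created it; the function's head and its existing return are outside the hunk.
```c
    STACK_OF(CONF_VALUE) *origextlist = extlist; /* NULL when this function owns the list — confirm against the signature */
    char *tmp;
    if (akeyid->keyid) {
        tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);
        if (tmp == NULL) {
            ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        if (!X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL,
                              tmp, &extlist)) {
            OPENSSL_free(tmp);
            goto err;
        }
        OPENSSL_free(tmp);
    }
    /* … unchanged: issuer branch via i2v_GENERAL_NAMES … */
    if (akeyid->serial) {
        tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);
        if (tmp == NULL) {
            ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        if (!X509V3_add_value("serial", tmp, &extlist)) {
            OPENSSL_free(tmp);
            goto err;
        }
        OPENSSL_free(tmp);
    }
    /* … unchanged: existing return of extlist … */
 err:
    if (origextlist == NULL)
        sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free);
    return NULL;
```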