From 37cad7e65641e83d9f92b47fd0e34ea2d8c3b277 Mon Sep 17 00:00:00 2001 From: FdaSilvaYY Date: Tue, 8 Jan 2019 16:27:27 +1000 Subject: [PATCH] Fix CID 1434549: Unchecked return value in test/evp_test.c 5. check_return: Calling EVP_EncodeUpdate without checking return value (as is done elsewhere 4 out of 5 times). Fix CID 1371695, 1371698: Resource leak in test/evp_test.c - leaked_storage: Variable edata going out of scope leaks the storage it points to. - leaked_storage: Variable encode_ctx going out of scope leaks the storage it points to Fix CID 1430437, 1430426, 1430429 : Dereference before null check in test/drbg_cavs_test.c check_after_deref: Null-checking drbg suggests that it may be null, but it has already been dereferenced on all paths leading to the check Fix CID 1440765: Dereference before null check in test/ssltestlib.c check_after_deref: Null-checking ctx suggests that it may be null, but it has already been dereferenced on all paths leading to the check. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/7993) (cherry picked from commit 760e2d60e62511a6fb96f547f6730d05eb5f47ec) --- test/drbg_cavs_test.c | 29 ++++++++++------------------- test/evp_test.c | 21 ++++++++++++--------- test/ssltestlib.c | 6 ++++-- 3 files changed, 26 insertions(+), 30 deletions(-) diff --git a/test/drbg_cavs_test.c b/test/drbg_cavs_test.c index 413f5bf698..eea387b4f9 100644 --- a/test/drbg_cavs_test.c +++ b/test/drbg_cavs_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -104,12 +104,9 @@ static int single_kat_no_reseed(const struct drbg_kat *td) failures++; err: - if (buff != NULL) - OPENSSL_free(buff); - if (drbg != NULL) { - RAND_DRBG_uninstantiate(drbg); - RAND_DRBG_free(drbg); - } + OPENSSL_free(buff); + RAND_DRBG_uninstantiate(drbg); + RAND_DRBG_free(drbg); return failures == 0; } @@ -172,12 +169,9 @@ static int single_kat_pr_false(const struct drbg_kat *td) failures++; err: - if (buff != NULL) - OPENSSL_free(buff); - if (drbg != NULL) { - RAND_DRBG_uninstantiate(drbg); - RAND_DRBG_free(drbg); - } + OPENSSL_free(buff); + RAND_DRBG_uninstantiate(drbg); + RAND_DRBG_free(drbg); return failures == 0; } @@ -243,12 +237,9 @@ static int single_kat_pr_true(const struct drbg_kat *td) failures++; err: - if (buff != NULL) - OPENSSL_free(buff); - if (drbg != NULL) { - RAND_DRBG_uninstantiate(drbg); - RAND_DRBG_free(drbg); - } + OPENSSL_free(buff); + RAND_DRBG_uninstantiate(drbg); + RAND_DRBG_free(drbg); return failures == 0; } diff --git a/test/evp_test.c b/test/evp_test.c index e7e376e657..85c1552a7a 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1559,15 +1559,18 @@ static int encode_test_init(EVP_TEST *t, const char *encoding) } else if (strcmp(encoding, "invalid") == 0) { edata->encoding = BASE64_INVALID_ENCODING; if (!TEST_ptr(t->expected_err = OPENSSL_strdup("DECODE_ERROR"))) - return 0; + goto err; } else { TEST_error("Bad encoding: %s." " Should be one of {canonical, valid, invalid}", encoding); - return 0; + goto err; } t->data = edata; return 1; +err: + OPENSSL_free(edata); + return 0; } static void encode_test_cleanup(EVP_TEST *t) @@ -1596,7 +1599,7 @@ static int encode_test_run(EVP_TEST *t) ENCODE_DATA *expected = t->data; unsigned char *encode_out = NULL, *decode_out = NULL; int output_len, chunk_len; - EVP_ENCODE_CTX *decode_ctx; + EVP_ENCODE_CTX *decode_ctx = NULL, *encode_ctx = NULL; if (!TEST_ptr(decode_ctx = EVP_ENCODE_CTX_new())) { t->err = "INTERNAL_ERROR"; @@ -1604,7 +1607,6 @@ static int encode_test_run(EVP_TEST *t) } if (expected->encoding == BASE64_CANONICAL_ENCODING) { - EVP_ENCODE_CTX *encode_ctx; if (!TEST_ptr(encode_ctx = EVP_ENCODE_CTX_new()) || !TEST_ptr(encode_out = @@ -1612,15 +1614,15 @@ static int encode_test_run(EVP_TEST *t) goto err; EVP_EncodeInit(encode_ctx); - EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len, - expected->input, expected->input_len); + if (!TEST_true(EVP_EncodeUpdate(encode_ctx, encode_out, &chunk_len, + expected->input, expected->input_len))) + goto err; + output_len = chunk_len; EVP_EncodeFinal(encode_ctx, encode_out + chunk_len, &chunk_len); output_len += chunk_len; - EVP_ENCODE_CTX_free(encode_ctx); - if (!memory_err_compare(t, "BAD_ENCODING", expected->output, expected->output_len, encode_out, output_len)) @@ -1658,6 +1660,7 @@ static int encode_test_run(EVP_TEST *t) OPENSSL_free(encode_out); OPENSSL_free(decode_out); EVP_ENCODE_CTX_free(decode_ctx); + EVP_ENCODE_CTX_free(encode_ctx); return 1; } diff --git a/test/ssltestlib.c b/test/ssltestlib.c index eafac3cc42..2a774f23c4 100644 --- a/test/ssltestlib.c +++ b/test/ssltestlib.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -428,7 +428,7 @@ int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, { MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); MEMPACKET *thispkt = NULL, *looppkt, *nextpkt, *allpkts[3]; - int i, duprec = ctx->duprec > 0; + int i, duprec; const unsigned char *inu = (const unsigned char *)in; size_t len = ((inu[RECORD_LEN_HI] << 8) | inu[RECORD_LEN_LO]) + DTLS1_RT_HEADER_LENGTH; @@ -441,6 +441,8 @@ int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, if ((size_t)inl == len) duprec = 0; + else + duprec = ctx->duprec > 0; /* We don't support arbitrary injection when duplicating records */ if (duprec && pktnum != -1) -- 2.25.1