From c4ac954c59322fdb381ce2305897afdf399299da Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 May 2002 16:50:38 +0000 Subject: [PATCH] Check the return values where memory allocation failures may happen. PR: 49 --- crypto/asn1/a_enum.c | 12 +++++++++++- crypto/asn1/a_int.c | 11 ++++++++++- crypto/asn1/a_set.c | 4 ++-- crypto/asn1/x_pubkey.c | 8 ++++++-- crypto/bio/bf_nbio.c | 2 +- crypto/bn/bn_div.c | 8 ++++---- crypto/bn/bn_mont.c | 6 +++--- crypto/bn/bn_mul.c | 14 +++++++------- crypto/evp/bio_enc.c | 2 +- crypto/objects/o_names.c | 3 +++ crypto/objects/obj_dat.c | 2 +- crypto/rsa/rsa_eay.c | 2 +- crypto/txt_db/txt_db.c | 2 +- crypto/x509v3/v3_ia5.c | 2 +- 14 files changed, 52 insertions(+), 26 deletions(-) diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c index 8a315fa371..35232d82b2 100644 --- a/crypto/asn1/a_enum.c +++ b/crypto/asn1/a_enum.c @@ -151,7 +151,17 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) else ret->type=V_ASN1_ENUMERATED; j=BN_num_bits(bn); len=((j == 0)?0:((j/8)+1)); - ret->data=(unsigned char *)OPENSSL_malloc(len+4); + if (ret->length < len+4) + { + char *new_data=(char *)OPENSSL_realloc(ret->data, len+4); + if (!new_data) + { + ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); + goto err; + } + ret->data=new_data; + } + ret->length=BN_bn2bin(bn,ret->data); return(ret); err: diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 496704b9a5..8ae9827f6e 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -397,7 +397,16 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai) else ret->type=V_ASN1_INTEGER; j=BN_num_bits(bn); len=((j == 0)?0:((j/8)+1)); - ret->data=(unsigned char *)OPENSSL_malloc(len+4); + if (ret->length < len+4) + { + char *new_data=(char *)OPENSSL_realloc(ret->data, len+4); + if (!new_data) + { + ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); + goto err; + } + ret->data=new_data; + } ret->length=BN_bn2bin(bn,ret->data); /* Correct zero case */ if(!ret->length) diff --git a/crypto/asn1/a_set.c b/crypto/asn1/a_set.c index 19bb60fca8..0f839822ff 100644 --- a/crypto/asn1/a_set.c +++ b/crypto/asn1/a_set.c @@ -118,7 +118,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag, } pStart = p; /* Catch the beg of Setblobs*/ - rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array + if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array we will store the SET blobs */ for (i=0; iwrite_params=0; ASN1_TYPE_free(a->parameter); i=i2d_DSAparams(dsa,NULL); - p=(unsigned char *)OPENSSL_malloc(i); + if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err; pp=p; i2d_DSAparams(dsa,&pp); a->parameter=ASN1_TYPE_new(); @@ -136,7 +136,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) } if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err; - if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) goto err; + if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) + { + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } p=s; i2d_PublicKey(pkey,&p); if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err; diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c index c193e9debf..1ce2bfacc0 100644 --- a/crypto/bio/bf_nbio.c +++ b/crypto/bio/bf_nbio.c @@ -103,7 +103,7 @@ static int nbiof_new(BIO *bi) { NBIO_TEST *nt; - nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)); + if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0); nt->lrn= -1; nt->lwn= -1; bi->ptr=(char *)nt; diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index ac1a09615a..f9a095e3b3 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -200,10 +200,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, /* First we normalise the numbers */ norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); - BN_lshift(sdiv,divisor,norm_shift); + if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err; sdiv->neg=0; norm_shift+=BN_BITS2; - BN_lshift(snum,num,norm_shift); + if (!(BN_lshift(snum,num,norm_shift))) goto err; snum->neg=0; div_n=sdiv->top; num_n=snum->top; @@ -327,7 +327,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, tmp->top=j; j=wnum.top; - BN_sub(&wnum,&wnum,tmp); + if (!BN_sub(&wnum,&wnum,tmp)) goto err; snum->top=snum->top+wnum.top-j; @@ -335,7 +335,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, { q--; j=wnum.top; - BN_add(&wnum,&wnum,sdiv); + if (!BN_add(&wnum,&wnum,sdiv)) goto err; snum->top+=wnum.top-j; } *(resp--)=q; diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index 82942a4759..c9ebdbaabe 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -221,7 +221,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, if (!BN_mul(t1,t2,&mont->N,ctx)) goto err; if (!BN_add(t2,a,t1)) goto err; - BN_rshift(ret,t2,mont->ri); + if (!BN_rshift(ret,t2,mont->ri)) goto err; #endif /* MONT_WORD */ if (BN_ucmp(ret, &(mont->N)) >= 0) @@ -282,8 +282,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) BN_ULONG buf[2]; mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; - BN_zero(R); - BN_set_bit(R,BN_BITS2); /* R */ + if (!(BN_zero(R))) goto err; + if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */ buf[0]=mod->d[0]; /* tmod = N mod word size */ buf[1]=0; diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index 7bffc9c16a..fd598b8b3d 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -964,7 +964,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) if ((al == 0) || (bl == 0)) { - BN_zero(r); + if (!BN_zero(r)) goto err; return(1); } top=al+bl; @@ -1044,7 +1044,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA)) { BIGNUM *tmp_bn = (BIGNUM *)b; - bn_wexpand(tmp_bn,al); + if (bn_wexpand(tmp_bn,al) == NULL) goto err; tmp_bn->d[bl]=0; bl++; i--; @@ -1052,7 +1052,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA)) { BIGNUM *tmp_bn = (BIGNUM *)a; - bn_wexpand(tmp_bn,bl); + if (bn_wexpand(tmp_bn,bl) == NULL) goto err; tmp_bn->d[al]=0; al++; i++; @@ -1067,14 +1067,14 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) t = BN_CTX_get(ctx); if (al == j) /* exact multiple */ { - bn_wexpand(t,k*2); - bn_wexpand(rr,k*2); + if (bn_wexpand(t,k*2) == NULL) goto err; + if (bn_wexpand(rr,k*2) == NULL) goto err; bn_mul_recursive(rr->d,a->d,b->d,al,t->d); } else { - bn_wexpand(t,k*4); - bn_wexpand(rr,k*4); + if (bn_wexpand(t,k*4) == NULL) goto err; + if (bn_wexpand(rr,k*4) == NULL) goto err; bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d); } rr->top=top; diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index 05f4249458..64fb2353af 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c @@ -110,8 +110,8 @@ static int enc_new(BIO *bi) BIO_ENC_CTX *ctx; ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX)); - EVP_CIPHER_CTX_init(&ctx->cipher); if (ctx == NULL) return(0); + EVP_CIPHER_CTX_init(&ctx->cipher); ctx->buf_len=0; ctx->buf_off=0; diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index 2b80243256..b4453b4a98 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -79,6 +79,8 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), { MemCheck_off(); name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); + MemCheck_on(); + if (!name_funcs) return(0); name_funcs->hash_func = lh_strhash; name_funcs->cmp_func = OPENSSL_strcmp; name_funcs->free_func = 0; /* NULL is often declared to @@ -86,6 +88,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), * to Compaq C is not really * compatible with a function * pointer. -- Richard Levitte*/ + MemCheck_off(); sk_NAME_FUNCS_push(name_funcs_stack,name_funcs); MemCheck_on(); } diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 8779ba7d1d..3ff64bb8d1 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -236,7 +236,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj) if (added == NULL) if (!init_added()) return(0); if ((o=OBJ_dup(obj)) == NULL) goto err; - ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)); + if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err; if ((o->length != 0) && (obj->data != NULL)) ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)); if (o->sn != NULL) diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index d82dd15493..0eda816081 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -479,10 +479,10 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) int ret=0; BN_CTX *ctx; - if ((ctx=BN_CTX_new()) == NULL) goto err; BN_init(&m1); BN_init(&r1); BN_init(&vrfy); + if ((ctx=BN_CTX_new()) == NULL) goto err; if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c index e6334d6add..9b186f2da5 100644 --- a/crypto/txt_db/txt_db.c +++ b/crypto/txt_db/txt_db.c @@ -122,7 +122,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) else { buf->data[offset-1]='\0'; /* blat the '\n' */ - p=(char *)OPENSSL_malloc(add+offset); + if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err; offset=0; } pp=(char **)p; diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c index f3bba38269..f9414456de 100644 --- a/crypto/x509v3/v3_ia5.c +++ b/crypto/x509v3/v3_ia5.c @@ -82,7 +82,7 @@ static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, { char *tmp; if(!ia5 || !ia5->length) return NULL; - tmp = OPENSSL_malloc(ia5->length + 1); + if (!(tmp = OPENSSL_malloc(ia5->length + 1))) return NULL; memcpy(tmp, ia5->data, ia5->length); tmp[ia5->length] = 0; return tmp; -- 2.25.1