From ca96d389816a3d962473c7eed497f87282670f0e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 22 May 2010 00:30:41 +0000 Subject: [PATCH] PR: 2251 Submitted by: Ger Hobbelt Approved by: steve@openssl.org Memleak, BIO chain leak and realloc checks in v3_pci.c --- crypto/x509v3/v3_pci.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c index c254b2ff98..0dcfa004fe 100644 --- a/crypto/x509v3/v3_pci.c +++ b/crypto/x509v3/v3_pci.c @@ -128,7 +128,12 @@ static int process_pci_value(CONF_VALUE *val, unsigned char *tmp_data2 = string_to_hex(val->value + 4, &val_len); - if (!tmp_data2) goto err; + if (!tmp_data2) + { + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT); + X509V3_conf_err(val); + goto err; + } tmp_data = OPENSSL_realloc((*policy)->data, (*policy)->length + val_len + 1); @@ -140,6 +145,17 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += val_len; (*policy)->data[(*policy)->length] = '\0'; } + else + { + OPENSSL_free(tmp_data2); + /* realloc failure implies the original data space is b0rked too! */ + (*policy)->data = NULL; + (*policy)->length = 0; + X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + goto err; + } + OPENSSL_free(tmp_data2); } else if (strncmp(val->value, "file:", 5) == 0) { @@ -169,6 +185,7 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += n; (*policy)->data[(*policy)->length] = '\0'; } + BIO_free_all(b); if (n < 0) { @@ -190,6 +207,15 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += val_len; (*policy)->data[(*policy)->length] = '\0'; } + else + { + /* realloc failure implies the original data space is b0rked too! */ + (*policy)->data = NULL; + (*policy)->length = 0; + X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + goto err; + } } else { -- 2.25.1