authorMiod Vallat <miod@cvs.openbsd.org>2015-02-14 12:43:08 +0000
committerMiod Vallat <miod@cvs.openbsd.org>2015-02-14 12:43:08 +0000
commit5444e3f7b6769d79547b3dff4b3cbcbd7c7d2a85 (patch)
tree69c9b4ff6a8120703882180f4c662c6c91cf9200
parent6ca57d29f09a6f29e0df7a8e4e419ae47e1f8bfa (diff)
Try and fix a bunch of memory leaks upon error;
ok tedu@ about 7 months ago and I was sitting upon this diff for no reason
-rw-r--r--lib/libcrypto/pkcs12/p12_add.c23
-rw-r--r--lib/libcrypto/pkcs12/p12_crt.c10
-rw-r--r--lib/libcrypto/pkcs12/p12_decr.c12
3 files changed, 33 insertions, 12 deletions
diff --git a/lib/libcrypto/pkcs12/p12_add.c b/lib/libcrypto/pkcs12/p12_add.c
index 11373cda4fa..b141851514b 100644
--- a/lib/libcrypto/pkcs12/p12_add.c
+++ b/lib/libcrypto/pkcs12/p12_add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_add.c,v 1.11 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: p12_add.c,v 1.12 2015/02/14 12:43:07 miod Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -78,11 +78,13 @@ PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2)
if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG,
ERR_R_MALLOC_FAILURE);
+ PKCS12_BAGS_free(bag);
return NULL;
}
if (!(safebag = PKCS12_SAFEBAG_new())) {
PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG,
ERR_R_MALLOC_FAILURE);
+ PKCS12_BAGS_free(bag);
return NULL;
}
safebag->value.bag = bag;
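Review bot: The two failure branches in PKCS12_item_pack_safebag each carry their own `PKCS12_BAGS_free(bag);`, whereas PKCS12_pack_p7data and PKCS12_pack_p7encdata in this same commit use a single `err:` label. Using `goto err;` in both branches, with one `err:` label doing `PKCS12_BAGS_free(bag); return NULL;`, would keep the cleanup in one place. A failure path added later, before `safebag->value.bag = bag;`, would then be less likely to reintroduce the leak. The function starts and ends outside this hunk, so the rest of its exits are not visible here.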
@@ -131,6 +133,7 @@ PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen,
if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass,
passlen, salt, saltlen, iter, p8))) {
PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+ PKCS12_SAFEBAG_free(bag);
return NULL;
}
@@ -150,15 +153,19 @@ PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
p7->type = OBJ_nid2obj(NID_pkcs7_data);
if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
}
if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA,
PKCS12_R_CANT_PACK_STRUCTURE);
- return NULL;
+ goto err;
}
return p7;
+
+err:
+ PKCS7_free(p7);
+ return NULL;
}
/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
@@ -190,7 +197,7 @@ PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
- return NULL;
+ goto err;
}
pbe_ciph = EVP_get_cipherbynid(pbe_nid);
@@ -202,7 +209,7 @@ PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
if (!pbe) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
}
X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
p7->d.encrypted->enc_data->algorithm = pbe;
@@ -211,10 +218,14 @@ PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, bags, 1))) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
PKCS12_R_ENCRYPT_ERROR);
- return NULL;
+ goto err;
}
return p7;
+
+err:
+ PKCS7_free(p7);
+ return NULL;
}
STACK_OF(PKCS12_SAFEBAG) *
diff --git a/lib/libcrypto/pkcs12/p12_crt.c b/lib/libcrypto/pkcs12/p12_crt.c
index 1d5c3dfd160..bef4d54cd9f 100644
--- a/lib/libcrypto/pkcs12/p12_crt.c
+++ b/lib/libcrypto/pkcs12/p12_crt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_crt.c,v 1.15 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: p12_crt.c,v 1.16 2015/02/14 12:43:07 miod Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
@@ -236,8 +236,12 @@ PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage,
bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0,
iter, p8);
PKCS8_PRIV_KEY_INFO_free(p8);
- } else
+ p8 = NULL;
+ } else {
bag = PKCS12_MAKE_KEYBAG(p8);
+ if (bag != NULL)
+ p8 = NULL;
+ }
if (!bag)
goto err;
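Review bot: The `p8 = NULL;` in the new `else` branch carries no comment. It presumably records that a successful PKCS12_MAKE_KEYBAG hands p8 over to the bag, so the `if (p8) PKCS8_PRIV_KEY_INFO_free(p8);` added at `err:` in the next hunk must not free it a second time. A short comment such as `/* bag now owns p8 */` on that assignment, and `/* already freed above */` on the `p8 = NULL;` in the encrypted branch, would make the double-free reasoning checkable without reading PKCS12_MAKE_KEYBAG. The body of PKCS12_add_key begins and ends outside this hunk.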
@@ -250,6 +254,8 @@ PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage,
err:
if (bag)
PKCS12_SAFEBAG_free(bag);
+ if (p8)
+ PKCS8_PRIV_KEY_INFO_free(p8);
return NULL;
}
diff --git a/lib/libcrypto/pkcs12/p12_decr.c b/lib/libcrypto/pkcs12/p12_decr.c
index b6bd508bf12..13be237b4c3 100644
--- a/lib/libcrypto/pkcs12/p12_decr.c
+++ b/lib/libcrypto/pkcs12/p12_decr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p12_decr.c,v 1.13 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: p12_decr.c,v 1.14 2015/02/14 12:43:07 miod Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -166,19 +166,23 @@ PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
if (!in) {
PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,
PKCS12_R_ENCODE_ERROR);
- return NULL;
+ goto err;
}
if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
&oct->length, 1)) {
PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,
PKCS12_R_ENCRYPT_ERROR);
- free(in);
- return NULL;
+ goto err;
}
if (zbuf)
OPENSSL_cleanse(in, inlen);
free(in);
return oct;
+
+err:
+ free(in);
+ M_ASN1_OCTET_STRING_free(oct);
+ return NULL;
}
IMPLEMENT_PKCS12_STACK_OF(PKCS7)
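Review bot: The new `err:` path in PKCS12_item_i2d_encrypt frees `in` without the `if (zbuf) OPENSSL_cleanse(in, inlen);` that the success path runs. If PKCS12_pbe_crypt fails, the plaintext encoding the caller asked to have zeroed is therefore released to the allocator intact. The old code had the same gap, but consolidating the cleanup is the natural place to close it, with `if (zbuf && in != NULL) OPENSSL_cleanse(in, inlen);` placed before `free(in);` under `err:`. The `in != NULL` guard matters because the first `goto err` is taken when the encoding failed, where `inlen` may not be a usable length. The start of the function, including how `in` and `oct` are initialised, is outside this hunk.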