authorMiod Vallat <miod@cvs.openbsd.org>2014-10-28 05:46:57 +0000
committerMiod Vallat <miod@cvs.openbsd.org>2014-10-28 05:46:57 +0000
commit549232e1e4fdb29e70ae82a2e5e29101d024a8b9 (patch)
treebc756e41c6ae9928b8a0119ad78625d40a0af009
parent461d18be1517d9c9826dec7d3fdb471c7d25e56d (diff)
Check the result of sk_*_push() operations for failure.
ok doug@ jsing@
-rw-r--r--lib/libssl/src/crypto/asn1/a_strnid.c12
-rw-r--r--lib/libssl/src/crypto/evp/evp_pbe.c12
-rw-r--r--lib/libssl/src/crypto/objects/o_names.c8
-rw-r--r--lib/libssl/src/crypto/ocsp/ocsp_ext.c7
-rw-r--r--lib/libssl/src/crypto/pkcs7/pk7_attr.c34
-rw-r--r--lib/libssl/src/crypto/store/str_mem.c8
-rw-r--r--lib/libssl/src/crypto/ts/ts_conf.c11
-rw-r--r--lib/libssl/src/crypto/x509v3/v3_alt.c27
-rw-r--r--lib/libssl/src/crypto/x509v3/v3_extku.c10
9 files changed, 85 insertions, 44 deletions
diff --git a/lib/libssl/src/crypto/asn1/a_strnid.c b/lib/libssl/src/crypto/asn1/a_strnid.c
index be28885363b..4da45c537e6 100644
--- a/lib/libssl/src/crypto/asn1/a_strnid.c
+++ b/lib/libssl/src/crypto/asn1/a_strnid.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_strnid.c,v 1.17 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: a_strnid.c,v 1.18 2014/10/28 05:46:55 miod Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -261,8 +261,14 @@ ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, unsigned long mask,
if (maxsize != -1)
tmp->maxsize = maxsize;
tmp->mask = mask;
- if (new_nid)
- sk_ASN1_STRING_TABLE_push(stable, tmp);
+ if (new_nid) {
+ if (sk_ASN1_STRING_TABLE_push(stable, tmp) == 0) {
+ free(tmp);
+ ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
return 1;
}
diff --git a/lib/libssl/src/crypto/evp/evp_pbe.c b/lib/libssl/src/crypto/evp/evp_pbe.c
index fcfc43d5783..ac593549e5d 100644
--- a/lib/libssl/src/crypto/evp/evp_pbe.c
+++ b/lib/libssl/src/crypto/evp/evp_pbe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_pbe.c,v 1.21 2014/07/11 14:16:10 miod Exp $ */
+/* $OpenBSD: evp_pbe.c,v 1.22 2014/10/28 05:46:56 miod Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -130,7 +130,7 @@ EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
char obj_tmp[80];
EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM);
if (!pbe_obj)
- strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
+ strlcpy(obj_tmp, "NULL", sizeof obj_tmp);
else
i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
ERR_asprintf_error_data("TYPE=%s", obj_tmp);
@@ -205,7 +205,7 @@ EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
if (!pbe_algs)
pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp);
- if (!(pbe_tmp = (EVP_PBE_CTL*) malloc (sizeof(EVP_PBE_CTL)))) {
+ if (!(pbe_tmp = (EVP_PBE_CTL*)malloc(sizeof(EVP_PBE_CTL)))) {
EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -215,7 +215,11 @@ EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
pbe_tmp->md_nid = md_nid;
pbe_tmp->keygen = keygen;
- sk_EVP_PBE_CTL_push (pbe_algs, pbe_tmp);
+ if (sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp) == 0) {
+ free(pbe_tmp);
+ EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
return 1;
}
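Review bot: The unchecked `pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp);` in the previous hunk is now caught only indirectly by this push check, which deserves a comment. Assuming a push onto a NULL stack returns 0, as the stack implementation normally does, a failed stack allocation lands in this branch and is reported as ERR_R_MALLOC_FAILURE. A line such as `/* also catches a failed sk_EVP_PBE_CTL_new() above: pushing to a NULL stack fails */` above the `if` would make that reliance explicit. EVP_PBE_alg_add_type starts outside the hunk.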
diff --git a/lib/libssl/src/crypto/objects/o_names.c b/lib/libssl/src/crypto/objects/o_names.c
index 68458a282c4..9fa5824890a 100644
--- a/lib/libssl/src/crypto/objects/o_names.c
+++ b/lib/libssl/src/crypto/objects/o_names.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: o_names.c,v 1.18 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: o_names.c,v 1.19 2014/10/28 05:46:56 miod Exp $ */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -74,7 +74,11 @@ OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
name_funcs->hash_func = lh_strhash;
name_funcs->cmp_func = strcmp;
name_funcs->free_func = NULL;
- sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
+ if (sk_NAME_FUNCS_push(name_funcs_stack, name_funcs) == 0) {
+ free(name_funcs);
+ OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
}
name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
if (hash_func != NULL)
diff --git a/lib/libssl/src/crypto/ocsp/ocsp_ext.c b/lib/libssl/src/crypto/ocsp/ocsp_ext.c
index 6318e1718bf..7e69ad4fe08 100644
--- a/lib/libssl/src/crypto/ocsp/ocsp_ext.c
+++ b/lib/libssl/src/crypto/ocsp/ocsp_ext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_ext.c,v 1.12 2014/10/22 13:02:04 jsing Exp $ */
+/* $OpenBSD: ocsp_ext.c,v 1.13 2014/10/28 05:46:56 miod Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
* project. */
@@ -526,7 +526,10 @@ OCSP_accept_responses_new(char **oids)
while (oids && *oids) {
if ((nid = OBJ_txt2nid(*oids)) != NID_undef &&
(o = OBJ_nid2obj(nid)))
- sk_ASN1_OBJECT_push(sk, o);
+ if (sk_ASN1_OBJECT_push(sk, o) == 0) {
+ sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
+ return NULL;
+ }
oids++;
}
x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
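Review bot: The new push check hangs off the outer `if` without braces, so the two-line condition in OCSP_accept_responses_new now guards a nested braced `if`, and any `else` added later would bind to the inner one. Wrapping the outer body in braces (`(o = OBJ_nid2obj(nid))) {` ... `}`) keeps the `oids++` step visibly outside it. This failure path also returns NULL without queuing an error, unlike the a_strnid.c, evp_pbe.c and o_names.c hunks, which record ERR_R_MALLOC_FAILURE. An equivalent report before `return NULL;` would let a caller see the cause in the error queue. The function begins and ends outside the hunk.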
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_attr.c b/lib/libssl/src/crypto/pkcs7/pk7_attr.c
index 2f4d5089f5b..554a47673ba 100644
--- a/lib/libssl/src/crypto/pkcs7/pk7_attr.c
+++ b/lib/libssl/src/crypto/pkcs7/pk7_attr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_attr.c,v 1.9 2014/06/29 17:05:36 jsing Exp $ */
+/* $OpenBSD: pk7_attr.c,v 1.10 2014/10/28 05:46:56 miod Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
@@ -107,29 +107,29 @@ PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
return 0;
}
ASN1_OBJECT_free(alg->algorithm);
- alg->algorithm = OBJ_nid2obj (nid);
+ alg->algorithm = OBJ_nid2obj(nid);
if (arg > 0) {
ASN1_INTEGER *nbit;
- if (!(alg->parameter = ASN1_TYPE_new())) {
- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if (!(nbit = ASN1_INTEGER_new())) {
- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if (!ASN1_INTEGER_set (nbit, arg)) {
- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,
- ERR_R_MALLOC_FAILURE);
- return 0;
+
+ if (!(alg->parameter = ASN1_TYPE_new()))
+ goto err;
+ if (!(nbit = ASN1_INTEGER_new()))
+ goto err;
+ if (!ASN1_INTEGER_set(nbit, arg)) {
+ ASN1_INTEGER_free(nbit);
+ goto err;
}
alg->parameter->value.integer = nbit;
alg->parameter->type = V_ASN1_INTEGER;
}
- sk_X509_ALGOR_push (sk, alg);
+ if (sk_X509_ALGOR_push(sk, alg) == 0)
+ goto err;
return 1;
+
+err:
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+ X509_ALGOR_free(alg);
+ return 0;
}
int
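Review bot: `alg->algorithm = OBJ_nid2obj(nid);` is still stored unchecked, so if the lookup returns NULL for the caller's nid, an X509_ALGOR with a NULL algorithm is pushed onto sk and the function reports success. Now that a single `err:` exit frees alg, a guard such as `if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL) goto err;` fits naturally. The label reports ERR_R_MALLOC_FAILURE, which would be the wrong reason for an unknown nid, so that path may want its own reason code. The start of PKCS7_simple_smimecap is outside the hunk.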
diff --git a/lib/libssl/src/crypto/store/str_mem.c b/lib/libssl/src/crypto/store/str_mem.c
index 3f32bcb8d09..a85a8946b79 100644
--- a/lib/libssl/src/crypto/store/str_mem.c
+++ b/lib/libssl/src/crypto/store/str_mem.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: str_mem.c,v 1.9 2014/07/09 16:59:33 miod Exp $ */
+/* $OpenBSD: str_mem.c,v 1.10 2014/10/28 05:46:56 miod Exp $ */
/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
* project 2003.
*/
@@ -250,7 +250,11 @@ mem_list_start(STORE *s, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[],
goto err;
}
}
- sk_STORE_ATTR_INFO_push(context->search_attributes, attrs);
+ if (sk_STORE_ATTR_INFO_push(context->search_attributes,
+ attrs) == 0) {
+ STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
}
if (!STORE_parse_attrs_endp(attribute_context))
goto err;
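Review bot: On push failure `attrs` is not released before `goto err;`, whereas every other hunk in this commit frees the element that could not be pushed. Because attrs never reached context->search_attributes, cleanup of that stack cannot free it, so it leaks unless the err label (outside this hunk) releases it separately. Adding `STORE_ATTR_INFO_free(attrs);` before the `goto err;` would close the gap. The earlier `goto err;` in the visible context appears to leave attrs behind in the same way.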
diff --git a/lib/libssl/src/crypto/ts/ts_conf.c b/lib/libssl/src/crypto/ts/ts_conf.c
index ec033b1cfcd..5266f91e638 100644
--- a/lib/libssl/src/crypto/ts/ts_conf.c
+++ b/lib/libssl/src/crypto/ts/ts_conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_conf.c,v 1.7 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: ts_conf.c,v 1.8 2014/10/28 05:46:56 miod Exp $ */
/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
* project 2002.
*/
@@ -110,7 +110,8 @@ end:
return x;
}
-STACK_OF(X509) *TS_CONF_load_certs(const char *file)
+STACK_OF(X509) *
+TS_CONF_load_certs(const char *file)
{
BIO *certs = NULL;
STACK_OF(X509) *othercerts = NULL;
@@ -126,7 +127,11 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file)
for (i = 0; i < sk_X509_INFO_num(allcerts); i++) {
X509_INFO *xi = sk_X509_INFO_value(allcerts, i);
if (xi->x509) {
- sk_X509_push(othercerts, xi->x509);
+ if (sk_X509_push(othercerts, xi->x509) == 0) {
+ sk_X509_pop_free(othercerts, X509_free);
+ othercerts = NULL;
+ goto end;
+ }
xi->x509 = NULL;
}
}
diff --git a/lib/libssl/src/crypto/x509v3/v3_alt.c b/lib/libssl/src/crypto/x509v3/v3_alt.c
index 7ae4b6bd973..2592288bdb5 100644
--- a/lib/libssl/src/crypto/x509v3/v3_alt.c
+++ b/lib/libssl/src/crypto/x509v3/v3_alt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_alt.c,v 1.21 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: v3_alt.c,v 1.22 2014/10/28 05:46:56 miod Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
@@ -253,21 +253,24 @@ v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
CONF_VALUE *cnf;
int i;
- if (!(gens = sk_GENERAL_NAME_new_null())) {
+ if ((gens = sk_GENERAL_NAME_new_null()) == NULL) {
X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE);
return NULL;
}
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
cnf = sk_CONF_VALUE_value(nval, i);
- if (!name_cmp(cnf->name, "issuer") && cnf->value &&
- !strcmp(cnf->value, "copy")) {
+ if (name_cmp(cnf->name, "issuer") == 0 && cnf->value != NULL &&
+ strcmp(cnf->value, "copy") == 0) {
if (!copy_issuer(ctx, gens))
goto err;
} else {
GENERAL_NAME *gen;
- if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+ if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
goto err;
- sk_GENERAL_NAME_push(gens, gen);
+ if (sk_GENERAL_NAME_push(gens, gen) == 0) {
+ GENERAL_NAME_free(gen);
+ goto err;
+ }
}
}
return gens;
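Review bot: The push-failure branch in v2i_issuer_alt frees gen and jumps to err without recording an error, while the allocation failure a few lines above it and the matching change in v3_extku.c both call X509V3err with ERR_R_MALLOC_FAILURE. Unless the err label (outside the hunk) reports it, callers get NULL with nothing in the error queue for this case. Adding `X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE);` before the `goto err;` would make the paths consistent. The same applies to the v2i_subject_alt and v2i_GENERAL_NAMES hunks below, each with its own function code.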
@@ -344,7 +347,10 @@ v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
GENERAL_NAME *gen;
if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
goto err;
- sk_GENERAL_NAME_push(gens, gen);
+ if (sk_GENERAL_NAME_push(gens, gen) == 0) {
+ GENERAL_NAME_free(gen);
+ goto err;
+ }
}
}
return gens;
@@ -429,7 +435,10 @@ v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
cnf = sk_CONF_VALUE_value(nval, i);
if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
goto err;
- sk_GENERAL_NAME_push(gens, gen);
+ if (sk_GENERAL_NAME_push(gens, gen) == 0) {
+ GENERAL_NAME_free(gen);
+ goto err;
+ }
}
return gens;
@@ -537,7 +546,7 @@ a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
return gen;
err:
- if (!out)
+ if (out == NULL)
GENERAL_NAME_free(gen);
return NULL;
}
diff --git a/lib/libssl/src/crypto/x509v3/v3_extku.c b/lib/libssl/src/crypto/x509v3/v3_extku.c
index 0f36a995254..a9f1d6da6e4 100644
--- a/lib/libssl/src/crypto/x509v3/v3_extku.c
+++ b/lib/libssl/src/crypto/x509v3/v3_extku.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_extku.c,v 1.9 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: v3_extku.c,v 1.10 2014/10/28 05:46:56 miod Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -144,7 +144,13 @@ v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
X509V3_conf_err(val);
return NULL;
}
- sk_ASN1_OBJECT_push(extku, objtmp);
+ if (sk_ASN1_OBJECT_push(extku, objtmp) == 0) {
+ ASN1_OBJECT_free(objtmp);
+ sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
+ X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,
+ ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
}
return extku;
}