author | Doug Hogan <doug@cvs.openbsd.org> | 2014-12-06 19:26:38 +0000 |
---|---|---|
committer | Doug Hogan <doug@cvs.openbsd.org> | 2014-12-06 19:26:38 +0000 |
commit | 7d3f3643e23e8f02bd6cc1aceeb1018a2353544b (patch) | |
tree | eca464f06ea9093714e4dcfbe6d791f96864ab1e /lib/libcrypto | |
parent | 4404e2ecaebf84cf2ce7b6f226799e05002442b1 (diff) |
Avoid modifying input on failure in X509_(TRUST|PURPOSE)_add.
If X509_TRUST_add() or X509_PURPOSE_add() fail, they will leave the
object in an inconsistent state since the name is already freed.
This commit avoids changing the original name unless the *_add() call
will succeed.
Based on BoringSSL's commit: ab2815eaff6219ef57aedca2f7b1b72333c27fd0
ok miod@
Diffstat (limited to 'lib/libcrypto')
-rw-r--r-- | lib/libcrypto/x509/x509_trs.c | 14 | ||||
-rw-r--r-- | lib/libcrypto/x509v3/v3_purp.c | 24 |
2 files changed, 21 insertions, 17 deletions
diff --git a/lib/libcrypto/x509/x509_trs.c b/lib/libcrypto/x509/x509_trs.c
index 95fb568c681..4fa9f81ee72 100644
--- a/lib/libcrypto/x509/x509_trs.c
+++ b/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.18 2014/11/18 03:28:05 tedu Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.19 2014/12/06 19:26:37 doug Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -177,6 +177,7 @@ X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
 {
 int idx;
 X509_TRUST *trtmp;
+ char *name_dup;
 /* This is set according to what we change: application can't set it */
 flags &= ~X509_TRUST_DYNAMIC;
@@ -199,12 +200,14 @@ X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
 }
 }
+ if ((name_dup = strdup(name)) == NULL)
+ goto err;
+
 /* free existing name if dynamic */
 if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
 free(trtmp->name);
 /* dup supplied name */
- if ((trtmp->name = strdup(name)) == NULL)
- goto err;
+ trtmp->name = name_dup;
 /* Keep the dynamic flag of existing entry */
 trtmp->flags &= X509_TRUST_DYNAMIC;
 /* Set all other flags */
@@ -226,10 +229,9 @@ X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
 return 1;
 err:
- if (idx == -1) {
- free(trtmp->name);
+ free(name_dup);
+ if (idx == -1)
 free(trtmp);
- }
 X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
 return 0;
 }
diff --git a/lib/libcrypto/x509v3/v3_purp.c b/lib/libcrypto/x509v3/v3_purp.c
index 1a073e368ee..b020f87a0f8 100644
--- a/lib/libcrypto/x509v3/v3_purp.c
+++ b/lib/libcrypto/x509v3/v3_purp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_purp.c,v 1.23 2014/10/05 18:33:57 miod Exp $ */
+/* $OpenBSD: v3_purp.c,v 1.24 2014/12/06 19:26:37 doug Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
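Review bot: In X509_TRUST_add (hunk @@ -177,6 +177,7), `char *name_dup;` is declared without an initializer, yet the `err:` label changed later in this commit calls `free(name_dup)` unconditionally. Every `goto err` visible in these hunks runs at or after the `strdup` assignment, so this looks safe today, but any jump to `err` added earlier in the function would free an indeterminate pointer. X509_PURPOSE_add in the same commit sets `name_dup = sname_dup = NULL;` up front; writing `char *name_dup = NULL;` here keeps the two functions consistent. The function body continues outside this hunk.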
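Review bot: The new `strdup(name)` in X509_TRUST_add (hunk @@ -199,12 +200,14) is reached with no NULL check on `name` in the lines shown, whereas X509_PURPOSE_add rejects `name == NULL || sname == NULL` before doing any work. Passing NULL to strdup is undefined behaviour, so if no guard exists in the unshown lines between the hunks, an early `if (name == NULL) { X509err(X509_F_X509_TRUST_ADD, ERR_R_PASSED_NULL_PARAMETER); return 0; }` would match the sibling function. The enclosing function starts and ends outside this hunk.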
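Review bot: At the `err:` label of X509_TRUST_add (hunk @@ -226,10 +229,9), `free(name_dup)` runs even when `trtmp->name = name_dup` has already executed, so its safety rests on an unstated invariant: every `goto err` after that assignment must be on the `idx == -1` path, where `trtmp` itself is freed. If a later failure could reach `err` for an existing entry, the table would keep a dangling `name` pointer that is later read or freed again. The code between the assignment and `return 1` is outside the hunks, so this cannot be confirmed from here; a comment at the label such as `/* name_dup may already be owned by trtmp; failures after the assignment only occur for new entries, which are freed below */` would document it. The same applies to `free(name_dup); free(sname_dup);` in X509_PURPOSE_add's @@ -258,14 +264,10 hunk.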
@@ -203,6 +203,9 @@ X509_PURPOSE_add(int id, int trust, int flags,
 {
 int idx;
 X509_PURPOSE *ptmp;
+ char *name_dup, *sname_dup;
+
+ name_dup = sname_dup = NULL;
 if (name == NULL || sname == NULL) {
 X509V3err(X509V3_F_X509_PURPOSE_ADD,
@@ -227,16 +230,19 @@ X509_PURPOSE_add(int id, int trust, int flags,
 } else
 ptmp = X509_PURPOSE_get0(idx);
+ if ((name_dup = strdup(name)) == NULL)
+ goto err;
+ if ((sname_dup = strdup(sname)) == NULL)
+ goto err;
+
 /* free existing name if dynamic */
 if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
 free(ptmp->name);
 free(ptmp->sname);
 }
 /* dup supplied name */
- ptmp->name = strdup(name);
- ptmp->sname = strdup(sname);
- if (ptmp->name == NULL || ptmp->sname == NULL)
- goto err;
+ ptmp->name = name_dup;
+ ptmp->sname = sname_dup;
 /* Keep the dynamic flag of existing entry */
 ptmp->flags &= X509_PURPOSE_DYNAMIC;
 /* Set all other flags */
@@ -258,14 +264,10 @@ X509_PURPOSE_add(int id, int trust, int flags,
 return 1;
 err:
- free(ptmp->name);
- free(ptmp->sname);
+ free(name_dup);
+ free(sname_dup);
 if (idx == -1)
 free(ptmp);
- else {
- ptmp->name = NULL;
- ptmp->sname = NULL;
- }
 X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
 return 0;
 } |
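Review bot: In X509_PURPOSE_add (hunk @@ -227,16 +230,19), the result of `ptmp = X509_PURPOSE_get0(idx);` is dereferenced a few lines later in `ptmp->flags & X509_PURPOSE_DYNAMIC_NAME` with no NULL check in between. `idx` comes from a lookup outside the hunk, so it is probably valid, but if X509_PURPOSE_get0 can return NULL the two new strdup calls would succeed and the function would then crash with both allocations outstanding. A guard right after the assignment, `if (ptmp == NULL) return 0;` with an appropriate error raised, would keep that failure clean and ahead of any allocation. The enclosing function starts and ends outside this hunk.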