diff options
| author | Ted Unangst <tedu@cvs.openbsd.org> | 2014-04-23 20:21:24 +0000 |
|---|---|---|
| committer | Ted Unangst <tedu@cvs.openbsd.org> | 2014-04-23 20:21:24 +0000 |
| commit | 5dcd1870e1bf596d26a5c4415f176953dd06e765 (patch) | |
| tree | 468f715356d302fa6f4ef2259c61b6b8c774758f /lib | |
| parent | 1ce8fff3ea23b2c5f47fd5c5c02fefc4f194257c (diff) | |
if realloc failed, BIO_accept would leak memory and return NULL, causing
caller to crash. Fix leak and return an error instead. from Chad Loder
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libcrypto/bio/b_sock.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/lib/libcrypto/bio/b_sock.c b/lib/libcrypto/bio/b_sock.c index a6dd43f397b..a7791b39e2e 100644 --- a/lib/libcrypto/bio/b_sock.c +++ b/lib/libcrypto/bio/b_sock.c @@ -449,7 +449,7 @@ BIO_accept(int sock, char **addr) int ret = -1; unsigned long l; unsigned short port; - char *p; + char *p, *tmp; struct { /* @@ -534,11 +534,19 @@ BIO_accept(int sock, char **addr) p = *addr; if (p) { *p = '\0'; - p = realloc(p, nl); + if (!(tmp = realloc(p, nl))) { + ret = -1; + free(p); + *addr = NULL; + BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE); + goto end; + } + p = tmp; } else { p = malloc(nl); } if (p == NULL) { + ret = -1; BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE); goto end; } @@ -553,6 +561,7 @@ BIO_accept(int sock, char **addr) port = ntohs(sa.from.sa_in.sin_port); if (*addr == NULL) { if ((p = malloc(24)) == NULL) { + ret = -1; BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE); goto end; } |