From 45cb4df9b90241278caceab26dec75b096f42c1b Mon Sep 17 00:00:00 2001 From: Miod Vallat Date: Sat, 14 Feb 2015 14:18:59 +0000 Subject: Attempt to correctly free temporary storage upon error. With help from doug@ and jsing@, ok doug@ three months ago (sigh... I sometimes suck bigtime at commiting bugfixes) --- lib/libssl/src/crypto/pkcs12/p12_npas.c | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) (limited to 'lib') diff --git a/lib/libssl/src/crypto/pkcs12/p12_npas.c b/lib/libssl/src/crypto/pkcs12/p12_npas.c index ab7bdc64585..b9dea51b85f 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_npas.c +++ b/lib/libssl/src/crypto/pkcs12/p12_npas.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_npas.c,v 1.9 2014/07/08 09:24:53 jsing Exp $ */ +/* $OpenBSD: p12_npas.c,v 1.10 2015/02/14 14:18:58 miod Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -118,7 +118,7 @@ newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) return 0; if (!(newsafes = sk_PKCS7_new_null())) return 0; - for (i = 0; i < sk_PKCS7_num (asafes); i++) { + for (i = 0; i < sk_PKCS7_num(asafes); i++) { p7 = sk_PKCS7_value(asafes, i); bagnid = OBJ_obj2nid(p7->type); if (bagnid == NID_pkcs7_data) { @@ -133,14 +133,11 @@ newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) } } else continue; - if (!bags) { - sk_PKCS7_pop_free(asafes, PKCS7_free); - return 0; - } + if (bags == NULL) + goto err; if (!newpass_bags(bags, oldpass, newpass)) { sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - sk_PKCS7_pop_free(asafes, PKCS7_free); - return 0; + goto err; } /* Repack bag in same form with new password */ if (bagnid == NID_pkcs7_data) @@ -149,19 +146,20 @@ newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL, pbe_saltlen, pbe_iter, bags); sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - if (!p7new) { - sk_PKCS7_pop_free(asafes, PKCS7_free); - return 0; - } - sk_PKCS7_push(newsafes, p7new); + if (p7new == NULL) + goto err; + if (sk_PKCS7_push(newsafes, p7new) == 0) + goto err; } sk_PKCS7_pop_free(asafes, PKCS7_free); /* Repack safe: save old safe in case of error */ p12_data_tmp = p12->authsafes->d.data; - if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) - goto saferr; + if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) { + p12->authsafes->d.data = p12_data_tmp; + goto err; + } if (!PKCS12_pack_authsafes(p12, newsafes)) goto saferr; @@ -183,6 +181,11 @@ saferr: ASN1_OCTET_STRING_free(macnew); p12->authsafes->d.data = p12_data_tmp; return 0; + +err: + sk_PKCS7_pop_free(asafes, PKCS7_free); + sk_PKCS7_pop_free(newsafes, PKCS7_free); + return 0; } -- cgit v1.2.3