diff options
author | Matt Caswell <matt@openssl.org> | 2015-03-11 20:08:16 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-03-12 09:29:48 +0000 |
commit | 563fc239d23985f7e7a7300003bd8eb173224354 (patch) | |
tree | c0e4d0c8ef3cedeea4b280b3666d78cd04a34b0d | |
parent | 15919ecadc3ba9fc210472b806e6ac258825ea83 (diff) |
Fix dh_pub_encode
The return value from ASN1_STRING_new() was not being checked which could
lead to a NULL deref in the event of a malloc failure. Also fixed a mem
leak in the error path.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6aa8dab2bbfd5ad3cfc0d07fe5d7243635d5b2a2)
-rw-r--r-- | crypto/dh/dh_ameth.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 1d573a46ce..c6bfc2d3f4 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -151,7 +151,6 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { DH *dh; - void *pval = NULL; int ptype; unsigned char *penc = NULL; int penclen; @@ -161,12 +160,15 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) dh = pkey->pkey.dh; str = ASN1_STRING_new(); + if(!str) { + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } str->length = i2d_dhp(pkey, dh, &str->data); if (str->length <= 0) { DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } - pval = str; ptype = V_ASN1_SEQUENCE; pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL); @@ -183,14 +185,14 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) } if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), - ptype, pval, penc, penclen)) + ptype, str, penc, penclen)) return 1; err: if (penc) OPENSSL_free(penc); - if (pval) - ASN1_STRING_free(pval); + if (str) + ASN1_STRING_free(str); return 0; } |