PR: 2124

Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.

4 files changed, 59 insertions, 9 deletions

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index acada47fda..d6abcfe1d6 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -126,7 +126,8 @@ EVP_MD_CTX *EVP_MD_CTX_create(void)
 	{
 	EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
 
-	EVP_MD_CTX_init(ctx);
+	if (ctx)
+		EVP_MD_CTX_init(ctx);
 
 	return ctx;
 	}
@@ -286,8 +287,17 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
 
 	if (in->md_data && out->digest->ctx_size)
 		{
-		if (tmp_buf) out->md_data = tmp_buf;
-		else out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+		if (tmp_buf)
+			out->md_data = tmp_buf;
+		else
+			{
+			out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+			if (!out->md_data)
+				{
+				EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+			}
 		memcpy(out->md_data,in->md_data,out->digest->ctx_size);
 		}
 
diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
index 47f748081b..528f9c7cef 100644
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c
@@ -310,16 +310,40 @@ void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
 static void expand(_LHASH *lh)
 	{
 	LHASH_NODE **n,**n1,**n2,*np;
-	unsigned int p,i,j;
+	unsigned int p,i,j,pmax;
 	unsigned long hash,nni;
 
+	p=(int)lh->p++;
+	nni=lh->num_alloc_nodes;
+	pmax=lh->pmax;
+
+	if ((lh->p) >= lh->pmax)
+		{
+		j=(int)lh->num_alloc_nodes*2;
+		n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
+			(int)sizeof(LHASH_NODE *)*j);
+		if (n == NULL)
+			{
+/*			fputs("realloc error in lhash",stderr); */
+			lh->error++;
+			lh->p=0;
+			return;
+			}
+		/* else */
+		for (i=(int)lh->num_alloc_nodes; i<j; i++)/* 26/02/92 eay */
+			n[i]=NULL;			  /* 02/03/92 eay */
+		lh->pmax=lh->num_alloc_nodes;
+		lh->num_alloc_nodes=j;
+		lh->num_expand_reallocs++;
+		lh->p=0;
+		lh->b=n;
+		}
+
 	lh->num_nodes++;
 	lh->num_expands++;
-	p=(int)lh->p++;
 	n1= &(lh->b[p]);
-	n2= &(lh->b[p+(int)lh->pmax]);
+	n2= &(lh->b[p+pmax]);
 	*n2=NULL;        /* 27/07/92 - eay - undefined pointer bug */
-	nni=lh->num_alloc_nodes;
 	
 	for (np= *n1; np != NULL; )
 		{
@@ -388,6 +412,7 @@ static void contract(_LHASH *lh)
 	else
 		lh->p--;
 
+	lh->b[idx] = NULL;
 	lh->num_nodes--;
 	lh->num_contracts++;
 
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index e334e506fb..de45088d76 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -182,7 +182,16 @@ RSA *RSA_new_method(ENGINE *engine)
 	ret->mt_blinding=NULL;
 	ret->bignum_data=NULL;
 	ret->flags=ret->meth->flags;
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
+		{
+#ifndef OPENSSL_NO_ENGINE
+	if (ret->engine)
+		ENGINE_finish(ret->engine);
+#endif
+		OPENSSL_free(ret);
+		return(NULL);
+		}
+
 	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
 #ifndef OPENSSL_NO_ENGINE
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index fb7d23bbd0..7e38544e5f 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -200,7 +200,13 @@ X509_STORE *X509_STORE_new(void)
 	ret->lookup_crls = 0;
 	ret->cleanup = 0;
 
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
+	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
+		{
+		sk_X509_OBJECT_free(ret->objs);
+		OPENSSL_free(ret);
+		return NULL;
+		}
+
 	ret->references=1;
 	return ret;
 	}