diff options
| author | FdaSilvaYY <fdasilvayy@gmail.com> | 2016-01-29 19:49:38 +0100 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2016-02-27 17:05:32 -0500 |
| commit | e9cf5f03666bb82f0184e4f013702d0b164afdca (patch) | |
| tree | 3b39d45aef341e8658320fcf8a6c6fbc1e90683a /crypto/asn1 | |
| parent | a3762a92d6222bf50bb45178999cbcf31d57da5e (diff) | |
Fix possible memory leak on BUF_MEM_grow_clean failure
backport of 3eb70c5ebae6f2b5fd6034ed5af14910c8479688
shorter changes
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto/asn1')
| -rw-r--r-- | crypto/asn1/tasn_dec.c | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 9256049d15..97b18358a9 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -715,9 +715,9 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, { int ret = 0, utype; long plen; - char cst, inf, free_cont = 0; + char cst, inf, free_cont = 1; const unsigned char *p; - BUF_MEM buf; + BUF_MEM buf = { 0, NULL, 0, 0 }; const unsigned char *cont = NULL; long len; if (!pval) { @@ -793,7 +793,6 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, } else { len = p - cont + plen; p += plen; - buf.data = NULL; } } else if (cst) { if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN @@ -802,9 +801,6 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE); return 0; } - buf.length = 0; - buf.max = 0; - buf.data = NULL; /* * Should really check the internal tags are correct but some things * may get this wrong. The relevant specs say that constructed string @@ -812,18 +808,16 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, * So instead just check for UNIVERSAL class and ignore the tag. */ if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) { - free_cont = 1; goto err; } len = buf.length; /* Append a final null to string */ if (!BUF_MEM_grow_clean(&buf, len + 1)) { ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); - return 0; + goto err; } buf.data[len] = 0; cont = (const unsigned char *)buf.data; - free_cont = 1; } else { cont = p; len = plen; @@ -831,6 +825,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, } /* We now have content length and type: translate into a structure */ + /* asn1_ex_c2i may reuse allocated buffer, and so sets free_cont to 0 */ if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) goto err; |