Unchecked malloc fixes

Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error paths as I spotted them along the way. Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-03-04 17:49:51 +0000
committer: Matt Caswell <matt@openssl.org> 2015-03-05 09:09:57 +0000
commit: 918bb8652969fd53f0c390c1cd909265ed502c7e (patch)
tree: 883afa725e4529a992611b5b02e8b5c784463e99 /crypto/bio
parent: 618be04e407a7800a7198ac87fa5e8cee7c6e10b (diff)
2 files changed, 22 insertions, 1 deletions
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index 5dc7630009..f7940f28be 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -713,6 +713,10 @@ doapr_outch(char **sbuffer,
                 if (*maxlen == 0)
                     *maxlen = 1024;
                 *buffer = OPENSSL_malloc(*maxlen);
+                if(!*buffer) {
+                    /* Panic! Can't really do anything sensible. Just return */
+                    return;
+                }
                 if (*currlen > 0) {
                     assert(*sbuffer != NULL);
                     memcpy(*buffer, *sbuffer, *currlen);
@@ -721,6 +725,10 @@ doapr_outch(char **sbuffer,
             } else {
                 *maxlen += 1024;
                 *buffer = OPENSSL_realloc(*buffer, *maxlen);
+                if(!*buffer) {
+                    /* Panic! Can't really do anything sensible. Just return */
+                    return;
+                }
             }
         }
         /* What to do if *buffer is NULL? */
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index 0767809025..aef81499aa 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -998,6 +998,10 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
      */
     sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
     authchunks = OPENSSL_malloc(sockopt_len);
+    if(!authchunks) {
+        BIO_vfree(bio);
+        return (NULL);
+    }
     memset(authchunks, 0, sockopt_len);
     ret =
         getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
@@ -1333,6 +1337,10 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
             optlen =
                 (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
             authchunks = OPENSSL_malloc(optlen);
+            if (!authchunks) {
+                BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_ERROR);
+                return -1;
+            }
             memset(authchunks, 0, optlen);
             ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS,
                             authchunks, &optlen);
@@ -1399,10 +1407,15 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
      * yet, we have to save it and send it as soon as the socket gets dry.
      */
     if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) {
+        char *tmp;
         data->saved_message.bio = b;
+        if(!(tmp = OPENSSL_malloc(inl))) {
+            BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_ERROR);
+            return -1;
+        }
         if (data->saved_message.data)
             OPENSSL_free(data->saved_message.data);
-        data->saved_message.data = OPENSSL_malloc(inl);
+        data->saved_message.data = tmp;
         memcpy(data->saved_message.data, in, inl);
         data->saved_message.length = inl;
         return inl;
author	Matt Caswell <matt@openssl.org>	2015-03-04 17:49:51 +0000
committer	Matt Caswell <matt@openssl.org>	2015-03-05 09:09:57 +0000
commit	918bb8652969fd53f0c390c1cd909265ed502c7e (patch)
tree	883afa725e4529a992611b5b02e8b5c784463e99 /crypto/bio
parent	618be04e407a7800a7198ac87fa5e8cee7c6e10b (diff)