author | Matt Caswell <matt@openssl.org> | 2015-03-11 20:08:16 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-03-12 09:22:56 +0000 |
commit | 6aa8dab2bbfd5ad3cfc0d07fe5d7243635d5b2a2 (patch) | |
tree | 1b985cff0ad492dc016780bb37abbf4058c91c9a /crypto/dh/dh_ameth.c | |
parent | 34a7ed0c39aa3ab67eea1e106577525eaf0d7a00 (diff) |
Fix dh_pub_encode
The return value from ASN1_STRING_new() was not being checked which could
lead to a NULL deref in the event of a malloc failure. Also fixed a mem
leak in the error path.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto/dh/dh_ameth.c')
-rw-r--r-- | crypto/dh/dh_ameth.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 8dac573950..2c77381a48 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -151,7 +151,6 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 {
 DH *dh;
- void *pval = NULL;
 int ptype;
 unsigned char *penc = NULL;
 int penclen;
@@ -161,12 +160,15 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 dh = pkey->pkey.dh;
 str = ASN1_STRING_new();
+ if(!str) {
+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
 str->length = i2d_dhp(pkey, dh, &str->data);
 if (str->length <= 0) {
 DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
 goto err;
 }
- pval = str;
 ptype = V_ASN1_SEQUENCE;
 pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
@@ -183,14 +185,14 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 }
 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
- ptype, pval, penc, penclen))
+ ptype, str, penc, penclen))
 return 1;
 err:
 if (penc)
 OPENSSL_free(penc);
- if (pval)
- ASN1_STRING_free(pval);
+ if (str)
+ ASN1_STRING_free(str);
 return 0;
 } |
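Review bot: The added guard in the second hunk is written `if(!str) {`, while the check a few lines below it in the same hunk uses `if (str->length <= 0) {`; for consistency with the surrounding code it should read `if (str == NULL) {`. Both branches also raise `ERR_R_MALLOC_FAILURE`, so the error queue alone cannot tell a failed `ASN1_STRING_new()` from a failed `i2d_dhp()`. If that distinction matters to callers, the second branch could report `ERR_R_ASN1_LIB` instead. The body of dh_pub_encode starts and ends outside this hunk.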
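Review bot: The cleanup at `err:` in the third hunk now tests `str`, but the declaration of `str` is not shown in any hunk, whereas the removed `pval` was declared `void *pval = NULL;`. If `str` is declared without an initializer, the cleanup is safe only because every visible `goto err` comes after `str = ASN1_STRING_new();`. An error path later added above that assignment would pass an indeterminate pointer to `ASN1_STRING_free()`. Declaring it as `ASN1_STRING *str = NULL;`, in the same way as `penc`, keeps the error path safe regardless of statement order. The function body starts outside this hunk.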