diff options
| author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2015-09-01 21:47:12 -0400 |
|---|---|---|
| committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2015-09-02 10:01:23 -0400 |
| commit | 39c76ceb2d3e51eaff95e04d6e4448f685718f8d (patch) | |
| tree | 67df0e9adf128c03c760bb0b60e9604fc540dfde /crypto/x509 | |
| parent | 0a1682d8b53a61732877edf015438ecd7965bc21 (diff) | |
Better handling of verify param id peername field
Initialize pointers in param id by the book (explicit NULL assignment,
rather than just memset 0).
In x509_verify_param_zero() set peername to NULL after freeing it.
In x509_vfy.c's internal check_hosts(), avoid potential leak of
possibly already non-NULL peername. This is only set when a check
succeeds, so don't need to do this repeatedly in the loop.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit a0724ef1c9b9e2090bdd96b784f492b6a3952957)
Diffstat (limited to 'crypto/x509')
| -rw-r--r-- | crypto/x509/x509_vfy.c | 4 | ||||
| -rw-r--r-- | crypto/x509/x509_vpm.c | 15 |
2 files changed, 15 insertions, 4 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 7bac197666..ab94948f01 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -753,6 +753,10 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) int n = sk_OPENSSL_STRING_num(id->hosts); char *name; + if (id->peername != NULL) { + OPENSSL_free(id->peername); + id->peername = NULL; + } for (i = 0; i < n; ++i) { name = sk_OPENSSL_STRING_value(id->hosts, i); if (X509_check_host(x, name, 0, id->hostflags, &id->peername) > 0) diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 1ea0c69f57..592a8a5f6a 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -155,6 +155,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) } if (paramid->peername) OPENSSL_free(paramid->peername); + paramid->peername = NULL; if (paramid->email) { OPENSSL_free(paramid->email); paramid->email = NULL; @@ -165,7 +166,6 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) paramid->ip = NULL; paramid->iplen = 0; } - } X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) @@ -176,13 +176,20 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) param = OPENSSL_malloc(sizeof *param); if (!param) return NULL; - paramid = OPENSSL_malloc(sizeof *paramid); + memset(param, 0, sizeof(*param)); + + paramid = OPENSSL_malloc(sizeof(*paramid)); if (!paramid) { OPENSSL_free(param); return NULL; } - memset(param, 0, sizeof *param); - memset(paramid, 0, sizeof *paramid); + memset(paramid, 0, sizeof(*paramid)); + /* Exotic platforms may have non-zero bit representation of NULL */ + paramid->hosts = NULL; + paramid->peername = NULL; + paramid->email = NULL; + paramid->ip = NULL; + param->id = paramid; x509_verify_param_zero(param); return param; |