diff options
| author | Matt Caswell <matt@openssl.org> | 2015-11-04 15:51:02 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-11-09 23:00:37 +0000 |
| commit | 84d0c40f3fbcb9e3067cbbc2f01bd965e587c178 (patch) | |
| tree | 07f9867b101ff4fab398604749f8a9d807fc7c73 /crypto | |
| parent | c8cc43108d97517dfce25a114acd5651f5548cd5 (diff) | |
Fix missing malloc return value checks
During work on a larger change in master a number of locations were
identified where return value checks were missing. This backports the
relevant fixes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 903738ac63e60c10552741e2d6de9753c67e0ff3)
Conflicts:
crypto/cms/cms_sd.c
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/cms/cms_pwri.c | 3 | ||||
| -rw-r--r-- | crypto/engine/eng_cryptodev.c | 7 | ||||
| -rw-r--r-- | crypto/evp/evp_key.c | 2 | ||||
| -rw-r--r-- | crypto/jpake/jpake.c | 4 | ||||
| -rw-r--r-- | crypto/pem/pem_info.c | 6 | ||||
| -rw-r--r-- | crypto/pkcs7/pk7_doit.c | 2 | ||||
| -rw-r--r-- | crypto/x509v3/v3_cpols.c | 4 | ||||
| -rw-r--r-- | crypto/x509v3/v3_ncons.c | 2 |
8 files changed, 28 insertions, 2 deletions
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index a8322dcdf1..b91c01691f 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -121,6 +121,9 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, /* Setup algorithm identifier for cipher */ encalg = X509_ALGOR_new(); + if (encalg == NULL) { + goto merr; + } EVP_CIPHER_CTX_init(&ctx); if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) { diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index bcb936dfa7..a8a24d0543 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -1230,15 +1230,18 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, BN_num_bytes(dsa->q), s) == 0) { dsaret = DSA_SIG_new(); + if (dsaret == NULL) + goto err; dsaret->r = r; dsaret->s = s; + r = s = NULL; } else { const DSA_METHOD *meth = DSA_OpenSSL(); - BN_free(r); - BN_free(s); dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa); } err: + BN_free(r); + BN_free(s); kop.crk_param[0].crp_p = NULL; zapparams(&kop); return (dsaret); diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 122bc28df5..5be9e336f9 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -104,6 +104,8 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, if ((prompt == NULL) && (prompt_string[0] != '\0')) prompt = prompt_string; ui = UI_new(); + if (ui == NULL) + return -1; UI_add_input_string(ui, prompt, 0, buf, min, (len >= BUFSIZ) ? BUFSIZ - 1 : len); if (verify) diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c index ed2e888eb4..ac853d4914 100644 --- a/crypto/jpake/jpake.c +++ b/crypto/jpake/jpake.c @@ -218,6 +218,9 @@ static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg, BIGNUM *t3 = BN_new(); int ret = 0; + if (h == NULL || t1 == NULL || t2 == NULL || t3 == NULL) + goto end; + zkp_hash(h, zkpg, p, ctx->p.peer_name); /* t1 = g^b */ @@ -233,6 +236,7 @@ static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg, else JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED); +end: /* cleanup */ BN_free(t3); BN_free(t2); diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index 68747d1625..4d736a1d07 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -172,6 +172,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_RSA; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ @@ -193,6 +195,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_DSA; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ @@ -214,6 +218,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_EC; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 83f3b77b29..946aaa6543 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -656,6 +656,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) bio = BIO_new_mem_buf(data_body->data, data_body->length); else { bio = BIO_new(BIO_s_mem()); + if (bio == NULL) + goto err; BIO_set_mem_eof_return(bio, 0); } if (bio == NULL) diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 0febc1b3ed..d97f6226b9 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -186,6 +186,10 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, goto err; } pol = POLICYINFO_new(); + if (pol == NULL) { + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); + goto err; + } pol->policyid = pobj; } if (!sk_POLICYINFO_push(pols, pol)) { diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index b97ed271e3..2855269668 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -132,6 +132,8 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, } tval.value = val->value; sub = GENERAL_SUBTREE_new(); + if (sub == NULL) + goto memerr; if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) goto err; if (!*ptree) |