diff options
| author | Matt Caswell <matt@openssl.org> | 2015-03-04 17:49:51 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-03-05 09:22:50 +0000 |
| commit | 9f114219508d64a5b9522006eab1ed2db918dd25 (patch) | |
| tree | 9f861c5d7606a01cd6d03b62660685d21f04c2a8 /crypto | |
| parent | 51527f1e3564f210e984fe5b654c45d34e4f03d7 (diff) | |
Unchecked malloc fixes
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 918bb8652969fd53f0c390c1cd909265ed502c7e)
Conflicts:
crypto/bio/bss_dgram.c
Conflicts:
apps/cms.c
apps/s_cb.c
apps/s_server.c
apps/speed.c
crypto/dh/dh_pmeth.c
ssl/s3_pkt.c
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/asn1/bio_ndef.c | 6 | ||||
| -rw-r--r-- | crypto/bio/b_print.c | 8 | ||||
| -rw-r--r-- | crypto/bio/bss_dgram.c | 15 | ||||
| -rw-r--r-- | crypto/cms/cms_pwri.c | 2 | ||||
| -rw-r--r-- | crypto/dso/dso_vms.c | 3 | ||||
| -rw-r--r-- | crypto/objects/o_names.c | 15 | ||||
| -rw-r--r-- | crypto/rand/rand_os2.c | 3 | ||||
| -rw-r--r-- | crypto/threads/th-lock.c | 23 |
8 files changed, 66 insertions, 9 deletions
diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c index 5817a2b8a7..4a73ca9eac 100644 --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -162,6 +162,9 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); p = OPENSSL_malloc(derlen); + if(!p) + return 0; + ndef_aux->derbuf = p; *pbuf = p; derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it); @@ -229,6 +232,9 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); p = OPENSSL_malloc(derlen); + if(!p) + return 0; + ndef_aux->derbuf = p; *pbuf = p; derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it); diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 5dc7630009..f7940f28be 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -713,6 +713,10 @@ doapr_outch(char **sbuffer, if (*maxlen == 0) *maxlen = 1024; *buffer = OPENSSL_malloc(*maxlen); + if(!*buffer) { + /* Panic! Can't really do anything sensible. Just return */ + return; + } if (*currlen > 0) { assert(*sbuffer != NULL); memcpy(*buffer, *sbuffer, *currlen); @@ -721,6 +725,10 @@ doapr_outch(char **sbuffer, } else { *maxlen += 1024; *buffer = OPENSSL_realloc(*buffer, *maxlen); + if(!*buffer) { + /* Panic! Can't really do anything sensible. Just return */ + return; + } } } /* What to do if *buffer is NULL? */ diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index dd368025ed..b495db26e1 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -953,6 +953,10 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) */ sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); authchunks = OPENSSL_malloc(sockopt_len); + if(!authchunks) { + BIO_vfree(bio); + return (NULL); + } memset(authchunks, 0, sizeof(sockopt_len)); ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, @@ -1288,6 +1292,10 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) optlen = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); authchunks = OPENSSL_malloc(optlen); + if (!authchunks) { + BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_ERROR); + return -1; + } memset(authchunks, 0, sizeof(optlen)); ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen); @@ -1354,10 +1362,15 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) * yet, we have to save it and send it as soon as the socket gets dry. */ if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) { + char *tmp; data->saved_message.bio = b; + if(!(tmp = OPENSSL_malloc(inl))) { + BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_ERROR); + return -1; + } if (data->saved_message.data) OPENSSL_free(data->saved_message.data); - data->saved_message.data = OPENSSL_malloc(inl); + data->saved_message.data = tmp; memcpy(data->saved_message.data, in, inl); data->saved_message.length = inl; return inl; diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index d93b14fa2c..076b545789 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -231,6 +231,8 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, return 0; } tmp = OPENSSL_malloc(inlen); + if(!tmp) + return 0; /* setup IV by decrypting last two blocks */ EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, in + inlen - 2 * blocklen, blocklen * 2); diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index 8793f7e0ff..0eff96ec22 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c @@ -539,7 +539,8 @@ static char *vms_name_converter(DSO *dso, const char *filename) { int len = strlen(filename); char *not_translated = OPENSSL_malloc(len + 1); - strcpy(not_translated, filename); + if(not_translated) + strcpy(not_translated, filename); return (not_translated); } diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index e1e13a6131..c6774f4578 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -312,15 +312,18 @@ void OBJ_NAME_do_all_sorted(int type, d.type = type; d.names = OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof *d.names); - d.n = 0; - OBJ_NAME_do_all(type, do_all_sorted_fn, &d); + /* Really should return an error if !d.names...but its a void function! */ + if(d.names) { + d.n = 0; + OBJ_NAME_do_all(type, do_all_sorted_fn, &d); - qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); + qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); - for (n = 0; n < d.n; ++n) - fn(d.names[n], arg); + for (n = 0; n < d.n; ++n) + fn(d.names[n], arg); - OPENSSL_free((void *)d.names); + OPENSSL_free((void *)d.names); + } } static int free_type; diff --git a/crypto/rand/rand_os2.c b/crypto/rand/rand_os2.c index 9c4a137bb7..02148d5bf9 100644 --- a/crypto/rand/rand_os2.c +++ b/crypto/rand/rand_os2.c @@ -149,6 +149,9 @@ int RAND_poll(void) if (DosQuerySysState) { char *buffer = OPENSSL_malloc(256 * 1024); + if(!buffer) + return 0; + if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) { /* * First 4 bytes in buffer is a pointer to the thread count there diff --git a/crypto/threads/th-lock.c b/crypto/threads/th-lock.c index 1b5765948a..28884c2d44 100644 --- a/crypto/threads/th-lock.c +++ b/crypto/threads/th-lock.c @@ -117,6 +117,10 @@ void CRYPTO_thread_setup(void) int i; lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE)); + if(!lock_cs) { + /* Nothing we can do about this...void function! */ + return; + } for (i = 0; i < CRYPTO_num_locks(); i++) { lock_cs[i] = CreateMutex(NULL, FALSE, NULL); } @@ -168,6 +172,10 @@ void CRYPTO_thread_setup(void) # else lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(rwlock_t)); # endif + if(!lock_cs) { + /* Nothing we can do about this...void function! */ + return; + } lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); for (i = 0; i < CRYPTO_num_locks(); i++) { lock_count[i] = 0; @@ -251,6 +259,12 @@ void CRYPTO_thread_setup(void) int i; char filename[20]; + lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *)); + if(!lock_cs) { + /* Nothing we can do about this...void function! */ + return; + } + strcpy(filename, "/tmp/mttest.XXXXXX"); mktemp(filename); @@ -261,7 +275,6 @@ void CRYPTO_thread_setup(void) arena = usinit(filename); unlink(filename); - lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *)); for (i = 0; i < CRYPTO_num_locks(); i++) { lock_cs[i] = usnewsema(arena, 1); } @@ -315,6 +328,14 @@ void CRYPTO_thread_setup(void) lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); + if(!lock_cs || !lock_count) { + /* Nothing we can do about this...void function! */ + if(lock_cs) + OPENSSL_free(lock_cs); + if(lock_count) + OPENSSL_free(lock_count); + return; + } for (i = 0; i < CRYPTO_num_locks(); i++) { lock_count[i] = 0; pthread_mutex_init(&(lock_cs[i]), NULL); |