diff options
| author | Rich Salz <rsalz@openssl.org> | 2018-04-03 11:31:16 -0400 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2018-04-03 11:31:16 -0400 |
| commit | cdb10bae3f773401e039c55965eb177a6f3fc160 (patch) | |
| tree | c69b1b2bc385d3f600684cf8285b9ff80322c48f /ssl | |
| parent | 29f484d00d732ea4c19a7fd3dc0440045653e79e (diff) | |
Set error code on alloc failures
Almost all *alloc failures now set an error code.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5842)
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/packet.c | 11 | ||||
| -rw-r--r-- | ssl/pqueue.c | 10 | ||||
| -rw-r--r-- | ssl/ssl_ciph.c | 5 | ||||
| -rw-r--r-- | ssl/ssl_err.c | 19 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 6 | ||||
| -rw-r--r-- | ssl/statem/statem_dtls.c | 10 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 26 |
7 files changed, 62 insertions, 25 deletions
diff --git a/ssl/packet.c b/ssl/packet.c index 7a4414ae6a..18198009cc 100644 --- a/ssl/packet.c +++ b/ssl/packet.c @@ -9,6 +9,7 @@ #include "internal/cryptlib.h" #include "packet_locl.h" +#include <openssl/sslerr.h> #define DEFAULT_BUF_SIZE 256 @@ -93,9 +94,10 @@ static int wpacket_intern_init_len(WPACKET *pkt, size_t lenbytes) pkt->curr = 0; pkt->written = 0; - pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs)); - if (pkt->subs == NULL) + if ((pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs))) == NULL) { + SSLerr(SSL_F_WPACKET_INTERN_INIT_LEN, ERR_R_MALLOC_FAILURE); return 0; + } if (lenbytes == 0) return 1; @@ -276,9 +278,10 @@ int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes) if (!ossl_assert(pkt->subs != NULL)) return 0; - sub = OPENSSL_zalloc(sizeof(*sub)); - if (sub == NULL) + if ((sub = OPENSSL_zalloc(sizeof(*sub))) == NULL) { + SSLerr(SSL_F_WPACKET_START_SUB_PACKET_LEN__, ERR_R_MALLOC_FAILURE); return 0; + } sub->parent = pkt->subs; pkt->subs = sub; diff --git a/ssl/pqueue.c b/ssl/pqueue.c index ee64eb32ca..3787d260b7 100644 --- a/ssl/pqueue.c +++ b/ssl/pqueue.c @@ -18,14 +18,15 @@ struct pqueue_st { pitem *pitem_new(unsigned char *prio64be, void *data) { pitem *item = OPENSSL_malloc(sizeof(*item)); - if (item == NULL) + + if (item == NULL) { + SSLerr(SSL_F_PITEM_NEW, ERR_R_MALLOC_FAILURE); return NULL; + } memcpy(item->priority, prio64be, sizeof(item->priority)); - item->data = data; item->next = NULL; - return item; } @@ -38,6 +39,9 @@ pqueue *pqueue_new() { pqueue *pq = OPENSSL_zalloc(sizeof(*pq)); + if (pq == NULL) + SSLerr(SSL_F_PQUEUE_NEW, ERR_R_MALLOC_FAILURE); + return pq; } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 49e16fc695..be728dfbe8 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1523,9 +1523,10 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) if (buf == NULL) { len = 128; - buf = OPENSSL_malloc(len); - if (buf == NULL) + if ((buf = OPENSSL_malloc(len)) == NULL) { + SSLerr(SSL_F_SSL_CIPHER_DESCRIPTION, ERR_R_MALLOC_FAILURE); return NULL; + } } else if (len < 128) { return NULL; } diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 64580bb560..0a86a7ea6b 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -43,6 +43,8 @@ static const ERR_STRING_DATA SSL_str_functs[] = { {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_CHECK_TIMEOUT_NUM, 0), "dtls1_check_timeout_num"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_HEARTBEAT, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_HM_FRAGMENT_NEW, 0), + "dtls1_hm_fragment_new"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PREPROCESS_FRAGMENT, 0), "dtls1_preprocess_fragment"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS, 0), @@ -109,6 +111,8 @@ static const ERR_STRING_DATA SSL_str_functs[] = { {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION, 0), "ossl_statem_server_write_transition"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_PARSE_CA_NAMES, 0), "parse_ca_names"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_PITEM_NEW, 0), "pitem_new"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_PQUEUE_NEW, 0), "pqueue_new"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_PROCESS_KEY_SHARE_EXT, 0), ""}, {ERR_PACK(ERR_LIB_SSL, SSL_F_READ_STATE_MACHINE, 0), "read_state_machine"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SET_CLIENT_CIPHERSUITE, 0), @@ -188,6 +192,8 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "ssl_check_srvr_ecc_cert_and_alg"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHOOSE_CLIENT_VERSION, 0), "ssl_choose_client_version"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_DESCRIPTION, 0), + "SSL_CIPHER_description"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_LIST_TO_BYTES, 0), "ssl_cipher_list_to_bytes"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_PROCESS_RULESTR, 0), @@ -195,6 +201,8 @@ static const ERR_STRING_DATA SSL_str_functs[] = { {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_STRENGTH_SORT, 0), "ssl_cipher_strength_sort"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CLEAR, 0), "SSL_clear"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, 0), + "SSL_client_hello_get1_extensions_present"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, 0), "SSL_COMP_add_compression_method"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CONF_CMD, 0), "SSL_CONF_cmd"}, @@ -388,10 +396,17 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "tls1_export_keying_material"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_GET_CURVELIST, 0), "tls1_get_curvelist"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_PRF, 0), "tls1_PRF"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SAVE_U16, 0), "tls1_save_u16"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SETUP_KEY_BLOCK, 0), "tls1_setup_key_block"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_GROUPS, 0), "tls1_set_groups"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_RAW_SIGALGS, 0), + "tls1_set_raw_sigalgs"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SERVER_SIGALGS, 0), "tls1_set_server_sigalgs"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SHARED_SIGALGS, 0), + "tls1_set_shared_sigalgs"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SIGALGS, 0), "tls1_set_sigalgs"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CHOOSE_SIGALG, 0), "tls_choose_sigalg"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, 0), "tls_client_key_exchange_post_work"}, @@ -693,6 +708,10 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "tls_setup_handshake"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_USE_CERTIFICATE_CHAIN_FILE, 0), "use_certificate_chain_file"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_WPACKET_INTERN_INIT_LEN, 0), + "wpacket_intern_init_len"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_WPACKET_START_SUB_PACKET_LEN__, 0), + "WPACKET_start_sub_packet_len__"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_WRITE_STATE_MACHINE, 0), "write_state_machine"}, {0, NULL} diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1509423020..ae157300ae 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -5048,9 +5048,11 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) if (ext->present) num++; } - present = OPENSSL_malloc(sizeof(*present) * num); - if (present == NULL) + if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) { + SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, + ERR_R_MALLOC_FAILURE); return 0; + } for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { ext = s->clienthello->pre_proc_exts + i; if (ext->present) { diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index b5e62a2a7e..75ff525c32 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -59,13 +59,14 @@ static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly) unsigned char *buf = NULL; unsigned char *bitmask = NULL; - frag = OPENSSL_malloc(sizeof(*frag)); - if (frag == NULL) + if ((frag = OPENSSL_malloc(sizeof(*frag))) == NULL) { + SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE); return NULL; + } if (frag_len) { - buf = OPENSSL_malloc(frag_len); - if (buf == NULL) { + if ((buf = OPENSSL_malloc(frag_len)) == NULL) { + SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE); OPENSSL_free(frag); return NULL; } @@ -78,6 +79,7 @@ static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly) if (reassembly) { bitmask = OPENSSL_zalloc(RSMBLY_BITMASK_SIZE(frag_len)); if (bitmask == NULL) { + SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE); OPENSSL_free(buf); OPENSSL_free(frag); return NULL; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index cf5f783c5f..b698e2b9ae 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -342,9 +342,11 @@ int tls1_set_groups(uint16_t **pext, size_t *pextlen, * ids < 32 */ unsigned long dup_list = 0; - glist = OPENSSL_malloc(ngroups * sizeof(*glist)); - if (glist == NULL) + + if ((glist = OPENSSL_malloc(ngroups * sizeof(*glist))) == NULL) { + SSLerr(SSL_F_TLS1_SET_GROUPS, ERR_R_MALLOC_FAILURE); return 0; + } for (i = 0; i < ngroups; i++) { unsigned long idmask; uint16_t id; @@ -1600,9 +1602,10 @@ static int tls1_set_shared_sigalgs(SSL *s) } nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen); if (nmatch) { - salgs = OPENSSL_malloc(nmatch * sizeof(*salgs)); - if (salgs == NULL) + if ((salgs = OPENSSL_malloc(nmatch * sizeof(*salgs))) == NULL) { + SSLerr(SSL_F_TLS1_SET_SHARED_SIGALGS, ERR_R_MALLOC_FAILURE); return 0; + } nmatch = tls12_shared_sigalgs(s, salgs, pref, preflen, allow, allowlen); } else { salgs = NULL; @@ -1626,9 +1629,10 @@ int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen) size >>= 1; - buf = OPENSSL_malloc(size * sizeof(*buf)); - if (buf == NULL) + if ((buf = OPENSSL_malloc(size * sizeof(*buf))) == NULL) { + SSLerr(SSL_F_TLS1_SAVE_U16, ERR_R_MALLOC_FAILURE); return 0; + } for (i = 0; i < size && PACKET_get_net_2(pkt, &stmp); i++) buf[i] = stmp; @@ -1856,9 +1860,10 @@ int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen, { uint16_t *sigalgs; - sigalgs = OPENSSL_malloc(salglen * sizeof(*sigalgs)); - if (sigalgs == NULL) + if ((sigalgs = OPENSSL_malloc(salglen * sizeof(*sigalgs))) == NULL) { + SSLerr(SSL_F_TLS1_SET_RAW_SIGALGS, ERR_R_MALLOC_FAILURE); return 0; + } memcpy(sigalgs, psigs, salglen * sizeof(*sigalgs)); if (client) { @@ -1881,9 +1886,10 @@ int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client) if (salglen & 1) return 0; - sigalgs = OPENSSL_malloc((salglen / 2) * sizeof(*sigalgs)); - if (sigalgs == NULL) + if ((sigalgs = OPENSSL_malloc((salglen / 2) * sizeof(*sigalgs))) == NULL) { + SSLerr(SSL_F_TLS1_SET_SIGALGS, ERR_R_MALLOC_FAILURE); return 0; + } for (i = 0, sptr = sigalgs; i < salglen; i += 2) { size_t j; const SIGALG_LOOKUP *curr; |