From 918bb8652969fd53f0c390c1cd909265ed502c7e Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 4 Mar 2015 17:49:51 +0000 Subject: Unchecked malloc fixes Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error paths as I spotted them along the way. Reviewed-by: Tim Hudson --- apps/apps.c | 11 +++++++++++ apps/ca.c | 8 ++++++++ apps/cms.c | 4 ++++ apps/dgst.c | 5 +++++ apps/rsautl.c | 5 +++++ apps/s_cb.c | 5 +++++ apps/s_client.c | 5 +++++ apps/s_server.c | 20 +++++++++++++++++++- apps/speed.c | 12 ++++++++++-- apps/srp.c | 8 ++++++++ apps/x509.c | 5 +++++ 11 files changed, 85 insertions(+), 3 deletions(-) (limited to 'apps') diff --git a/apps/apps.c b/apps/apps.c index 8412e24687..233d382cd5 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -576,6 +576,11 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) char *prompt = NULL; prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); + if(!prompt) { + BIO_printf(bio_err, "Out of memory\n"); + UI_free(ui); + return 0; + } ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD; UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); @@ -585,6 +590,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) PW_MIN_LENGTH, bufsiz - 1); if (ok >= 0 && verify) { buff = (char *)OPENSSL_malloc(bufsiz); + if(!buff) { + BIO_printf(bio_err, "Out of memory\n"); + UI_free(ui); + OPENSSL_free(prompt); + return 0; + } ok = UI_add_verify_string(ui, prompt, ui_flags, buff, PW_MIN_LENGTH, bufsiz - 1, buf); } diff --git a/apps/ca.c b/apps/ca.c index bcb3f50d8a..814162d0b9 100644 --- a/apps/ca.c +++ b/apps/ca.c 
@@ -563,10 +563,18 @@ int MAIN(int argc, char **argv) #ifdef OPENSSL_SYS_VMS len = strlen(s) + sizeof(CONFIG_FILE); tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } strcpy(tofree, s); #else len = strlen(s) + sizeof(CONFIG_FILE) + 1; tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } BUF_strlcpy(tofree, s, len); BUF_strlcat(tofree, "/", len); #endif diff --git a/apps/cms.c b/apps/cms.c index 479d1dddf2..d983e28de9 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -465,6 +465,10 @@ int MAIN(int argc, char **argv) if (key_param == NULL || key_param->idx != keyidx) { cms_key_param *nparam; nparam = OPENSSL_malloc(sizeof(cms_key_param)); + if(!nparam) { + BIO_printf(bio_err, "Out of memory\n"); + goto argerr; + } nparam->idx = keyidx; nparam->param = sk_OPENSSL_STRING_new_null(); nparam->next = NULL; diff --git a/apps/dgst.c b/apps/dgst.c index adb7a060a2..47c2f69e1b 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -460,6 +460,11 @@ int MAIN(int argc, char **argv) ERR_print_errors(bio_err); goto end; } + if (!sigbuf) { + BIO_printf(bio_err, "Out of memory\n"); + ERR_print_errors(bio_err); + goto end; + } siglen = BIO_read(sigbio, sigbuf, siglen); BIO_free(sigbio); if (siglen <= 0) { diff --git a/apps/rsautl.c b/apps/rsautl.c index 0030aca126..d642f9ad97 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -268,6 +268,11 @@ int MAIN(int argc, char **argv) rsa_in = OPENSSL_malloc(keysize * 2); rsa_out = OPENSSL_malloc(keysize); + if (!rsa_in || !rsa_out) { + BIO_printf(bio_err, "Out of memory\n"); + ERR_print_errors(bio_err); + goto end; + } /* Read the input data */ rsa_inlen = BIO_read(in, rsa_in, keysize * 2); diff --git a/apps/s_cb.c b/apps/s_cb.c index eef86cb77b..12f7b8cb03 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c 
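Review bot: In the apps/cms.c hunk the allocation directly after the new `nparam` guard is still unchecked: `nparam->param = sk_OPENSSL_STRING_new_null();` can also return NULL and is stored as-is. Since the commit targets unchecked allocations, I would follow it with `if (!nparam->param) { OPENSSL_free(nparam); BIO_printf(bio_err, "Out of memory\n"); goto argerr; }`. `nparam` has not been linked into any list at that point (`nparam->next = NULL` comes after), so freeing it there looks safe. Whether later code tolerates a NULL `param`, and what the `argerr` label does with an out-of-memory condition, is outside this hunk and should be confirmed.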
@@ -460,8 +460,13 @@ int ssl_print_curves(BIO *out, SSL *s, int noshared) if (ncurves <= 0) return 1; curves = OPENSSL_malloc(ncurves * sizeof(int)); + if(!curves) { + BIO_puts(out, "Malloc error getting supported curves\n"); + return 0; + } SSL_get1_curves(s, curves); + BIO_puts(out, "Supported Elliptic Curves: "); for (i = 0; i < ncurves; i++) { if (i) diff --git a/apps/s_client.c b/apps/s_client.c index bc82239f1b..3ec754f346 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -550,6 +550,11 @@ static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg) PW_CB_DATA cb_tmp; int l; + if(!pass) { + BIO_printf(bio_err, "Malloc failure\n"); + return NULL; + } + cb_tmp.password = (char *)srp_arg->srppassin; cb_tmp.prompt_info = "SRP user"; if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) { diff --git a/apps/s_server.c b/apps/s_server.c index 1792a3c1b1..cf5b50016f 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -649,6 +649,8 @@ static int ebcdic_new(BIO *bi) EBCDIC_OUTBUFF *wbuf; wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024); + if (!wbuf) + return 0; wbuf->alloced = 1024; wbuf->buff[0] = '\0'; @@ -703,9 +705,11 @@ static int ebcdic_write(BIO *b, const char *in, int inl) num = num + num; /* double the size */ if (num < inl) num = inl; - OPENSSL_free(wbuf); wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num); + if(!wbuf) + return 0; + OPENSSL_free(b->ptr); wbuf->alloced = num; wbuf->buff[0] = '\0'; @@ -3204,6 +3208,10 @@ static int add_session(SSL *ssl, SSL_SESSION *session) unsigned char *p; sess = OPENSSL_malloc(sizeof(simple_ssl_session)); + if(!sess) { + BIO_printf(bio_err, "Out of memory adding session to external cache\n"); + return 0; + } SSL_SESSION_get_id(session, &sess->idlen); sess->derlen = i2d_SSL_SESSION(session, NULL); 
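Review bot: The allocate-then-free ordering in the ebcdic_write hunk deserves a comment, because its purpose is easy to undo in a later cleanup. The replacement buffer is now allocated before `OPENSSL_free(b->ptr)` so that a failed allocation returns with `b->ptr` still pointing at a valid buffer. I would add `/* allocate first: on failure b->ptr must still reference the old buffer */` above the `OPENSSL_malloc` call. The free now goes through `b->ptr` instead of the local. That assumes `wbuf` was loaded from `b->ptr` earlier in ebcdic_write and that `b->ptr` is reassigned after these lines; both are outside the hunk.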
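Review bot: In add_session, `sess->derlen = i2d_SSL_SESSION(session, NULL);` is used as an allocation size without checking that the encoding succeeded. The following add_session hunk passes it straight to `OPENSSL_malloc(sess->derlen)`, and the second `i2d_SSL_SESSION(session, &p)` call is unchecked as well. A failed encoding is then either reported by the new guard as "Out of memory" or used as a size, depending on how OPENSSL_malloc treats a non-positive length, which is not visible here. I would reject a non-positive length right after the first call, assuming `derlen` is a signed int. The message text in the sketch below is only a suggestion.

```c
sess->derlen = i2d_SSL_SESSION(session, NULL);
if (sess->derlen <= 0) {
    BIO_printf(bio_err, "Error encoding session\n");
    OPENSSL_free(sess);
    return 0;
}
/* … unchanged: BUF_memdup of the session id, OPENSSL_malloc of sess->der and the new NULL checks … */
```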
@@ -3211,6 +3219,16 @@ static int add_session(SSL *ssl, SSL_SESSION *session) sess->id = BUF_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen); sess->der = OPENSSL_malloc(sess->derlen); + if(!sess->id || !sess->der) { + BIO_printf(bio_err, "Out of memory adding session to external cache\n"); + + if(sess->id) + OPENSSL_free(sess->id); + if(sess->der) + OPENSSL_free(sess->der); + OPENSSL_free(sess); + return 0; + } p = sess->der; i2d_SSL_SESSION(session, &p); diff --git a/apps/speed.c b/apps/speed.c index ee9d2de706..57b53ce32e 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2764,6 +2764,11 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) inp = OPENSSL_malloc(mblengths[num - 1]); out = OPENSSL_malloc(mblengths[num - 1] + 1024); + if(!inp || !out) { + BIO_printf(bio_err,"Out of memory\n"); + goto end; + } + EVP_CIPHER_CTX_init(&ctx); EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, no_key, no_iv); @@ -2848,6 +2853,9 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) fprintf(stdout, "\n"); } - OPENSSL_free(inp); - OPENSSL_free(out); +end: + if(inp) + OPENSSL_free(inp); + if(out) + OPENSSL_free(out); } diff --git a/apps/srp.c b/apps/srp.c index e832535dd1..b9312f8dfc 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -437,10 +437,18 @@ int MAIN(int argc, char **argv) # ifdef OPENSSL_SYS_VMS len = strlen(s) + sizeof(CONFIG_FILE); tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } strcpy(tofree, s); # else len = strlen(s) + sizeof(CONFIG_FILE) + 1; tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } BUF_strlcpy(tofree, s, len); BUF_strlcat(tofree, "/", len); # endif diff --git a/apps/x509.c b/apps/x509.c index 4b08c181ee..380f0f0be7 100644 --- a/apps/x509.c +++ b/apps/x509.c 
@@ -819,6 +819,11 @@ int MAIN(int argc, char **argv) z = i2d_X509(x, NULL); m = OPENSSL_malloc(z); + if (!m) { + BIO_printf(bio_err, "Out of memory\n"); + ERR_print_errors(bio_err); + goto end; + } d = (unsigned char *)m; z = i2d_X509_NAME(X509_get_subject_name(x), &d); -- cgit v1.2.3
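Review bot: The size handed to `OPENSSL_malloc(z)` comes from `z = i2d_X509(x, NULL);` and is never checked for an encoding failure. The new `if (!m)` guard therefore covers allocation failure only, and would report a failed encode as "Out of memory" at best. I would add `if (z <= 0) { ERR_print_errors(bio_err); goto end; }` before the allocation. The result of the following `z = i2d_X509_NAME(X509_get_subject_name(x), &d);` is likewise not checked in the visible lines. MAIN continues outside the hunk, so later handling may exist.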