From e42c208235a86beee16ff0d0e6ca4e164a57d21a Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 27 Jun 2014 03:21:10 +0100
Subject: Memory leak and NULL dereference fixes.

PR#3403
(cherry picked from commit d2aea038297e0c64ca66e6844cbb37377365885e)
---
 apps/apps.c   | 4 ++++
 apps/ca.c     | 3 +++
 apps/crl2p7.c | 8 +++++++-
 3 files changed, 14 insertions(+), 1 deletion(-)

(limited to 'apps')

diff --git a/apps/apps.c b/apps/apps.c
index 016a2d01d0..1183d06e26 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -392,6 +392,8 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 		{
 		arg->count=20;
 		arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
+		if (arg->data == NULL)
+			return 0;
 		}
 	for (i=0; i<arg->count; i++)
 		arg->data[i]=NULL;
@@ -1661,6 +1663,8 @@ char *make_config_name()
 
 	len=strlen(t)+strlen(OPENSSL_CONF)+2;
 	p=OPENSSL_malloc(len);
+	if (p == NULL)
+		return NULL;
 	BUF_strlcpy(p,t,len);
 #ifndef OPENSSL_SYS_VMS
 	BUF_strlcat(p,"/",len);
diff --git a/apps/ca.c b/apps/ca.c
index 5d488e2fac..3b72d8668c 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2800,6 +2800,9 @@ char *make_revocation_str(int rev_type, char *rev_arg)
 
 	revtm = X509_gmtime_adj(NULL, 0);
 
+	if (!revtm)
+		return NULL;
+
 	i = revtm->length + 1;
 
 	if (reason) i += strlen(reason) + 1;
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index bbc83774db..42c6886b83 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -141,7 +141,13 @@ int MAIN(int argc, char **argv)
 			{
 			if (--argc < 1) goto bad;
 			if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
-			sk_OPENSSL_STRING_push(certflst,*(++argv));
+			if (!certflst)
+				goto end;
+			if (!sk_OPENSSL_STRING_push(certflst,*(++argv)))
+				{
+				sk_OPENSSL_STRING_free(certflst);
+				goto end;
+				}
 			}
 		else
 			{
-- 
cgit v1.2.3