From b4faea50c35d92a67d1369355b49cc3efba78406 Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@akamai.com>
Date: Fri, 1 May 2015 23:10:31 -0400
Subject: Use safer sizeof variant in malloc

For a local variable:
        TYPE *p;
Allocations like this are "risky":
        p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption.  Instead do this:
        p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 crypto/objects/Makefile   |  8 ++++----
 crypto/objects/o_names.c  |  8 ++++----
 crypto/objects/obj_dat.c  | 11 ++++-------
 crypto/objects/obj_xref.c |  2 +-
 4 files changed, 13 insertions(+), 16 deletions(-)

(limited to 'crypto/objects')

diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile
index ad2db1e809..6e9fa2e47f 100644
--- a/crypto/objects/Makefile
+++ b/crypto/objects/Makefile
@@ -106,10 +106,10 @@ obj_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 obj_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 obj_lib.o: ../cryptlib.h ../include/internal/asn1_int.h obj_lib.c
-obj_xref.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-obj_xref.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-obj_xref.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-obj_xref.o: ../../include/openssl/opensslconf.h
+obj_xref.o: ../../e_os.h ../../include/openssl/asn1.h
+obj_xref.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+obj_xref.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
+obj_xref.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 obj_xref.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 obj_xref.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 obj_xref.o: ../../include/openssl/symhacks.h obj_xref.c obj_xref.h
diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c
index 1fa6426a4f..d861b6d083 100644
--- a/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
@@ -83,7 +83,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
     names_type_num++;
     for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) {
         MemCheck_off();
-        name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
+        name_funcs = OPENSSL_malloc(sizeof(*name_funcs));
         MemCheck_on();
         if (!name_funcs) {
             OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
@@ -187,7 +187,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
     alias = type & OBJ_NAME_ALIAS;
     type &= ~OBJ_NAME_ALIAS;
 
-    onp = OPENSSL_malloc(sizeof(OBJ_NAME));
+    onp = OPENSSL_malloc(sizeof(*onp));
     if (onp == NULL) {
         /* ERROR */
         return (0);
@@ -310,13 +310,13 @@ void OBJ_NAME_do_all_sorted(int type,
 
     d.type = type;
     d.names =
-        OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof *d.names);
+        OPENSSL_malloc(sizeof(*d.names) * lh_OBJ_NAME_num_items(names_lh));
     /* Really should return an error if !d.names...but its a void function! */
     if (d.names) {
         d.n = 0;
         OBJ_NAME_do_all(type, do_all_sorted_fn, &d);
 
-        qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp);
+        qsort((void *)d.names, d.n, sizeof(*d.names), do_all_sorted_cmp);
 
         for (n = 0; n < d.n; ++n)
             fn(d.names[n], arg);
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index bca3dedd79..82af4a4006 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -255,19 +255,16 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
             return (0);
     if ((o = OBJ_dup(obj)) == NULL)
         goto err;
-    if (!(ao[ADDED_NID] = OPENSSL_malloc(sizeof(ADDED_OBJ))))
+    if (!(ao[ADDED_NID] = OPENSSL_malloc(sizeof(*ao))))
         goto err2;
     if ((o->length != 0) && (obj->data != NULL))
-        if (!
-            (ao[ADDED_DATA] = OPENSSL_malloc(sizeof(ADDED_OBJ))))
+        if (!(ao[ADDED_DATA] = OPENSSL_malloc(sizeof(*ao))))
             goto err2;
     if (o->sn != NULL)
-        if (!
-            (ao[ADDED_SNAME] = OPENSSL_malloc(sizeof(ADDED_OBJ))))
+        if (!(ao[ADDED_SNAME] = OPENSSL_malloc(sizeof(*ao))))
             goto err2;
     if (o->ln != NULL)
-        if (!
-            (ao[ADDED_LNAME] = OPENSSL_malloc(sizeof(ADDED_OBJ))))
+        if (!(ao[ADDED_LNAME] = OPENSSL_malloc(sizeof(*ao))))
             goto err2;
 
     for (i = ADDED_DATA; i <= ADDED_NID; i++) {
diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c
index 10ce6397d6..44471a3780 100644
--- a/crypto/objects/obj_xref.c
+++ b/crypto/objects/obj_xref.c
@@ -154,7 +154,7 @@ int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
         sigx_app = sk_nid_triple_new(sigx_cmp);
     if (!sigx_app)
         return 0;
-    ntr = OPENSSL_malloc(sizeof(int) * 3);
+    ntr = OPENSSL_malloc(sizeof(*ntr));
     if (!ntr)
         return 0;
     ntr->sign_id = signid;
-- 
cgit v1.2.3