From b51bce942023325e727ca4225252d06c49d8f2b7 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Tue, 25 Aug 2015 13:25:58 -0400 Subject: Add and use OPENSSL_zalloc There are many places (nearly 50) where we malloc and then memset. Add an OPENSSL_zalloc routine to encapsulate that. (Missed one conversion; thanks Richard) Also fixes GH328 Reviewed-by: Richard Levitte --- ssl/bio_ssl.c | 3 +-- ssl/d1_both.c | 3 +-- ssl/d1_lib.c | 3 +-- ssl/s3_lib.c | 3 +-- ssl/ssl_cert.c | 7 ++----- ssl/ssl_ciph.c | 3 +-- ssl/ssl_lib.c | 10 ++-------- ssl/ssl_sess.c | 3 +-- 8 files changed, 10 insertions(+), 25 deletions(-) (limited to 'ssl') diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index aa6d623191..639b10556a 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -101,13 +101,12 @@ BIO_METHOD *BIO_f_ssl(void) static int ssl_new(BIO *bi) { - BIO_SSL *bs = OPENSSL_malloc(sizeof(*bs)); + BIO_SSL *bs = OPENSSL_zalloc(sizeof(*bs)); if (bs == NULL) { BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE); return (0); } - memset(bs, 0, sizeof(*bs)); bi->init = 0; bi->ptr = (char *)bs; bi->flags = 0; diff --git a/ssl/d1_both.c b/ssl/d1_both.c index d2f5defe14..52b7304af2 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -187,13 +187,12 @@ static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, /* Initialize reassembly bitmask if necessary */ if (reassembly) { - bitmask = OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); + bitmask = OPENSSL_zalloc(RSMBLY_BITMASK_SIZE(frag_len)); if (bitmask == NULL) { OPENSSL_free(buf); OPENSSL_free(frag); return NULL; } - memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); } frag->reassembly = bitmask; diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index fc1887ab35..d3b582a98c 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -135,11 +135,10 @@ int dtls1_new(SSL *s) if (!ssl3_new(s)) return (0); - if ((d1 = OPENSSL_malloc(sizeof(*d1))) == NULL) { + if ((d1 = OPENSSL_zalloc(sizeof(*d1))) == NULL) { ssl3_free(s); return (0); } - memset(d1, 0, sizeof(*d1)); d1->buffered_messages = pqueue_new(); d1->sent_messages = pqueue_new(); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 47d28e73ad..bb090efc48 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3836,9 +3836,8 @@ int ssl3_new(SSL *s) { SSL3_STATE *s3; - if ((s3 = OPENSSL_malloc(sizeof(*s3))) == NULL) + if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL) goto err; - memset(s3, 0, sizeof(*s3)); s->s3 = s3; #ifndef OPENSSL_NO_SRP diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 11839612f2..c3e2c2ed0a 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -167,13 +167,12 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void) CERT *ssl_cert_new(void) { - CERT *ret = OPENSSL_malloc(sizeof(*ret)); + CERT *ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); return (NULL); } - memset(ret, 0, sizeof(*ret)); ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]); ret->references = 1; @@ -185,7 +184,7 @@ CERT *ssl_cert_new(void) CERT *ssl_cert_dup(CERT *cert) { - CERT *ret = OPENSSL_malloc(sizeof(*ret)); + CERT *ret = OPENSSL_zalloc(sizeof(*ret)); int i; if (ret == NULL) { @@ -193,8 +192,6 @@ CERT *ssl_cert_dup(CERT *cert) return (NULL); } - memset(ret, 0, sizeof(*ret)); - ret->key = &ret->pkeys[cert->key - cert->pkeys]; #ifndef OPENSSL_NO_RSA diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index c048fc2a8c..2dd2379819 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1038,12 +1038,11 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, curr = curr->next; } - number_uses = OPENSSL_malloc(sizeof(int) * (max_strength_bits + 1)); + number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1)); if (!number_uses) { SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE); return (0); } - memset(number_uses, 0, sizeof(int) * (max_strength_bits + 1)); /* * Now find the strength_bits values actually used diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index fd1561e52d..b1d4771e9a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -277,10 +277,9 @@ SSL *SSL_new(SSL_CTX *ctx) return (NULL); } - s = OPENSSL_malloc(sizeof(*s)); + s = OPENSSL_zalloc(sizeof(*s)); if (s == NULL) goto err; - memset(s, 0, sizeof(*s)); RECORD_LAYER_init(&s->rlayer, s); @@ -1684,14 +1683,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); goto err; } - ret = OPENSSL_malloc(sizeof(*ret)); + ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) goto err; - memset(ret, 0, sizeof(*ret)); - ret->method = meth; - ret->cert_store = NULL; ret->session_cache_mode = SSL_SESS_CACHE_SERVER; ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; @@ -1706,8 +1702,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->get_session_cb = 0; ret->generate_session_id = 0; - memset(&ret->stats, 0, sizeof(ret->stats)); - ret->references = 1; ret->quiet_shutdown = 0; ret->info_callback = NULL; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 69e6d7fea5..3e980bf5cb 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -193,12 +193,11 @@ SSL_SESSION *SSL_SESSION_new(void) { SSL_SESSION *ss; - ss = OPENSSL_malloc(sizeof(*ss)); + ss = OPENSSL_zalloc(sizeof(*ss)); if (ss == NULL) { SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); return (0); } - memset(ss, 0, sizeof(*ss)); ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ ss->references = 1; -- cgit v1.2.3