summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormiod <>2015-02-14 14:18:58 +0000
committermiod <>2015-02-14 14:18:58 +0000
commit15b45e3bec309990789c2328654c0474039528ae (patch)
tree717df29458d3ad408fe4bc16d9fe4edb74a7680a
parent7e1045d48323ef7f4cb5b3eb19d3dcaed8453386 (diff)
downloadopenbsd-15b45e3bec309990789c2328654c0474039528ae.tar.gz
openbsd-15b45e3bec309990789c2328654c0474039528ae.tar.bz2
openbsd-15b45e3bec309990789c2328654c0474039528ae.zip
Attempt to correctly free temporary storage upon error. With help from
doug@ and jsing@, ok doug@ three months ago (sigh... I sometimes suck bigtime at commiting bugfixes)
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_npas.c33
-rw-r--r--src/lib/libssl/src/crypto/pkcs12/p12_npas.c33
2 files changed, 36 insertions, 30 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
index ab7bdc6458..b9dea51b85 100644
--- a/src/lib/libcrypto/pkcs12/p12_npas.c
+++ b/src/lib/libcrypto/pkcs12/p12_npas.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_npas.c,v 1.9 2014/07/08 09:24:53 jsing Exp $ */ 1/* $OpenBSD: p12_npas.c,v 1.10 2015/02/14 14:18:58 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -118,7 +118,7 @@ newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
118 return 0; 118 return 0;
119 if (!(newsafes = sk_PKCS7_new_null())) 119 if (!(newsafes = sk_PKCS7_new_null()))
120 return 0; 120 return 0;
121 for (i = 0; i < sk_PKCS7_num (asafes); i++) { 121 for (i = 0; i < sk_PKCS7_num(asafes); i++) {
122 p7 = sk_PKCS7_value(asafes, i); 122 p7 = sk_PKCS7_value(asafes, i);
123 bagnid = OBJ_obj2nid(p7->type); 123 bagnid = OBJ_obj2nid(p7->type);
124 if (bagnid == NID_pkcs7_data) { 124 if (bagnid == NID_pkcs7_data) {
@@ -133,14 +133,11 @@ newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
133 } 133 }
134 } else 134 } else
135 continue; 135 continue;
136 if (!bags) { 136 if (bags == NULL)
137 sk_PKCS7_pop_free(asafes, PKCS7_free); 137 goto err;
138 return 0;
139 }
140 if (!newpass_bags(bags, oldpass, newpass)) { 138 if (!newpass_bags(bags, oldpass, newpass)) {
141 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); 139 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
142 sk_PKCS7_pop_free(asafes, PKCS7_free); 140 goto err;
143 return 0;
144 } 141 }
145 /* Repack bag in same form with new password */ 142 /* Repack bag in same form with new password */
146 if (bagnid == NID_pkcs7_data) 143 if (bagnid == NID_pkcs7_data)
@@ -149,19 +146,20 @@ newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
149 p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, 146 p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1,
150 NULL, pbe_saltlen, pbe_iter, bags); 147 NULL, pbe_saltlen, pbe_iter, bags);
151 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); 148 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
152 if (!p7new) { 149 if (p7new == NULL)
153 sk_PKCS7_pop_free(asafes, PKCS7_free); 150 goto err;
154 return 0; 151 if (sk_PKCS7_push(newsafes, p7new) == 0)
155 } 152 goto err;
156 sk_PKCS7_push(newsafes, p7new);
157 } 153 }
158 sk_PKCS7_pop_free(asafes, PKCS7_free); 154 sk_PKCS7_pop_free(asafes, PKCS7_free);
159 155
160 /* Repack safe: save old safe in case of error */ 156 /* Repack safe: save old safe in case of error */
161 157
162 p12_data_tmp = p12->authsafes->d.data; 158 p12_data_tmp = p12->authsafes->d.data;
163 if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) 159 if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) {
164 goto saferr; 160 p12->authsafes->d.data = p12_data_tmp;
161 goto err;
162 }
165 if (!PKCS12_pack_authsafes(p12, newsafes)) 163 if (!PKCS12_pack_authsafes(p12, newsafes))
166 goto saferr; 164 goto saferr;
167 165
@@ -183,6 +181,11 @@ saferr:
183 ASN1_OCTET_STRING_free(macnew); 181 ASN1_OCTET_STRING_free(macnew);
184 p12->authsafes->d.data = p12_data_tmp; 182 p12->authsafes->d.data = p12_data_tmp;
185 return 0; 183 return 0;
184
185err:
186 sk_PKCS7_pop_free(asafes, PKCS7_free);
187 sk_PKCS7_pop_free(newsafes, PKCS7_free);
188 return 0;
186} 189}
187 190
188 191
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_npas.c b/src/lib/libssl/src/crypto/pkcs12/p12_npas.c
index ab7bdc6458..b9dea51b85 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_npas.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_npas.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: p12_npas.c,v 1.9 2014/07/08 09:24:53 jsing Exp $ */ 1/* $OpenBSD: p12_npas.c,v 1.10 2015/02/14 14:18:58 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -118,7 +118,7 @@ newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
118 return 0; 118 return 0;
119 if (!(newsafes = sk_PKCS7_new_null())) 119 if (!(newsafes = sk_PKCS7_new_null()))
120 return 0; 120 return 0;
121 for (i = 0; i < sk_PKCS7_num (asafes); i++) { 121 for (i = 0; i < sk_PKCS7_num(asafes); i++) {
122 p7 = sk_PKCS7_value(asafes, i); 122 p7 = sk_PKCS7_value(asafes, i);
123 bagnid = OBJ_obj2nid(p7->type); 123 bagnid = OBJ_obj2nid(p7->type);
124 if (bagnid == NID_pkcs7_data) { 124 if (bagnid == NID_pkcs7_data) {
@@ -133,14 +133,11 @@ newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
133 } 133 }
134 } else 134 } else
135 continue; 135 continue;
136 if (!bags) { 136 if (bags == NULL)
137 sk_PKCS7_pop_free(asafes, PKCS7_free); 137 goto err;
138 return 0;
139 }
140 if (!newpass_bags(bags, oldpass, newpass)) { 138 if (!newpass_bags(bags, oldpass, newpass)) {
141 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); 139 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
142 sk_PKCS7_pop_free(asafes, PKCS7_free); 140 goto err;
143 return 0;
144 } 141 }
145 /* Repack bag in same form with new password */ 142 /* Repack bag in same form with new password */
146 if (bagnid == NID_pkcs7_data) 143 if (bagnid == NID_pkcs7_data)
@@ -149,19 +146,20 @@ newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
149 p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, 146 p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1,
150 NULL, pbe_saltlen, pbe_iter, bags); 147 NULL, pbe_saltlen, pbe_iter, bags);
151 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); 148 sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
152 if (!p7new) { 149 if (p7new == NULL)
153 sk_PKCS7_pop_free(asafes, PKCS7_free); 150 goto err;
154 return 0; 151 if (sk_PKCS7_push(newsafes, p7new) == 0)
155 } 152 goto err;
156 sk_PKCS7_push(newsafes, p7new);
157 } 153 }
158 sk_PKCS7_pop_free(asafes, PKCS7_free); 154 sk_PKCS7_pop_free(asafes, PKCS7_free);
159 155
160 /* Repack safe: save old safe in case of error */ 156 /* Repack safe: save old safe in case of error */
161 157
162 p12_data_tmp = p12->authsafes->d.data; 158 p12_data_tmp = p12->authsafes->d.data;
163 if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) 159 if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) {
164 goto saferr; 160 p12->authsafes->d.data = p12_data_tmp;
161 goto err;
162 }
165 if (!PKCS12_pack_authsafes(p12, newsafes)) 163 if (!PKCS12_pack_authsafes(p12, newsafes))
166 goto saferr; 164 goto saferr;
167 165
@@ -183,6 +181,11 @@ saferr:
183 ASN1_OCTET_STRING_free(macnew); 181 ASN1_OCTET_STRING_free(macnew);
184 p12->authsafes->d.data = p12_data_tmp; 182 p12->authsafes->d.data = p12_data_tmp;
185 return 0; 183 return 0;
184
185err:
186 sk_PKCS7_pop_free(asafes, PKCS7_free);
187 sk_PKCS7_pop_free(newsafes, PKCS7_free);
188 return 0;
186} 189}
187 190
188 191
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-01 18:14:38 +0000