diff options
| author | miod <> | 2014-09-28 10:52:59 +0000 |
|---|---|---|
| committer | miod <> | 2014-09-28 10:52:59 +0000 |
| commit | 381995f489d8fa8080a47c12e6f19e40c6379e0b (patch) | |
| tree | 45e41daf8a3e34d025e44451817193d4e913bbc9 | |
| parent | 1863db1d9486a762fe4bfcd46c7cce5e0971ed13 (diff) | |
| download | openbsd-381995f489d8fa8080a47c12e6f19e40c6379e0b.tar.gz openbsd-381995f489d8fa8080a47c12e6f19e40c6379e0b.tar.bz2 openbsd-381995f489d8fa8080a47c12e6f19e40c6379e0b.zip | |
X509_TRUST_add(): check X509_TRUST_get0() return value before dereferencing it,
for it may be NULL. Do not leak memory upon error.
ok bcook@
| -rw-r--r-- | src/lib/libcrypto/x509/x509_trs.c | 38 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/x509/x509_trs.c | 38 |
2 files changed, 46 insertions, 30 deletions
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c index f104c1fd16..544fb5e884 100644 --- a/src/lib/libcrypto/x509/x509_trs.c +++ b/src/lib/libcrypto/x509/x509_trs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_trs.c,v 1.15 2014/07/11 08:44:49 jsing Exp $ */ | 1 | /* $OpenBSD: x509_trs.c,v 1.16 2014/09/28 10:52:59 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -190,17 +190,20 @@ X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), | |||
| 190 | return 0; | 190 | return 0; |
| 191 | } | 191 | } |
| 192 | trtmp->flags = X509_TRUST_DYNAMIC; | 192 | trtmp->flags = X509_TRUST_DYNAMIC; |
| 193 | } else | 193 | } else { |
| 194 | trtmp = X509_TRUST_get0(idx); | 194 | trtmp = X509_TRUST_get0(idx); |
| 195 | if (trtmp == NULL) { | ||
| 196 | X509err(X509_F_X509_TRUST_ADD, X509_R_INVALID_TRUST); | ||
| 197 | return 0; | ||
| 198 | } | ||
| 199 | } | ||
| 195 | 200 | ||
| 196 | /* free existing name if dynamic */ | 201 | /* free existing name if dynamic */ |
| 197 | if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) | 202 | if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) |
| 198 | free(trtmp->name); | 203 | free(trtmp->name); |
| 199 | /* dup supplied name */ | 204 | /* dup supplied name */ |
| 200 | if (!(trtmp->name = BUF_strdup(name))) { | 205 | if ((trtmp->name = BUF_strdup(name)) == NULL) |
| 201 | X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); | 206 | goto err; |
| 202 | return 0; | ||
| 203 | } | ||
| 204 | /* Keep the dynamic flag of existing entry */ | 207 | /* Keep the dynamic flag of existing entry */ |
| 205 | trtmp->flags &= X509_TRUST_DYNAMIC; | 208 | trtmp->flags &= X509_TRUST_DYNAMIC; |
| 206 | /* Set all other flags */ | 209 | /* Set all other flags */ |
| @@ -211,18 +214,23 @@ X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), | |||
| 211 | trtmp->arg1 = arg1; | 214 | trtmp->arg1 = arg1; |
| 212 | trtmp->arg2 = arg2; | 215 | trtmp->arg2 = arg2; |
| 213 | 216 | ||
| 214 | /* If its a new entry manage the dynamic table */ | 217 | /* If it's a new entry, manage the dynamic table */ |
| 215 | if (idx == -1) { | 218 | if (idx == -1) { |
| 216 | if (!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) { | 219 | if (trtable == NULL && |
| 217 | X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); | 220 | (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) |
| 218 | return 0; | 221 | goto err; |
| 219 | } | 222 | if (sk_X509_TRUST_push(trtable, trtmp) == 0) |
| 220 | if (!sk_X509_TRUST_push(trtable, trtmp)) { | 223 | goto err; |
| 221 | X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); | ||
| 222 | return 0; | ||
| 223 | } | ||
| 224 | } | 224 | } |
| 225 | return 1; | 225 | return 1; |
| 226 | |||
| 227 | err: | ||
| 228 | if (idx == -1) { | ||
| 229 | free(trtmp->name); | ||
| 230 | free(trtmp); | ||
| 231 | } | ||
| 232 | X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); | ||
| 233 | return 0; | ||
| 226 | } | 234 | } |
| 227 | 235 | ||
| 228 | static void | 236 | static void |
diff --git a/src/lib/libssl/src/crypto/x509/x509_trs.c b/src/lib/libssl/src/crypto/x509/x509_trs.c index f104c1fd16..544fb5e884 100644 --- a/src/lib/libssl/src/crypto/x509/x509_trs.c +++ b/src/lib/libssl/src/crypto/x509/x509_trs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_trs.c,v 1.15 2014/07/11 08:44:49 jsing Exp $ */ | 1 | /* $OpenBSD: x509_trs.c,v 1.16 2014/09/28 10:52:59 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -190,17 +190,20 @@ X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), | |||
| 190 | return 0; | 190 | return 0; |
| 191 | } | 191 | } |
| 192 | trtmp->flags = X509_TRUST_DYNAMIC; | 192 | trtmp->flags = X509_TRUST_DYNAMIC; |
| 193 | } else | 193 | } else { |
| 194 | trtmp = X509_TRUST_get0(idx); | 194 | trtmp = X509_TRUST_get0(idx); |
| 195 | if (trtmp == NULL) { | ||
| 196 | X509err(X509_F_X509_TRUST_ADD, X509_R_INVALID_TRUST); | ||
| 197 | return 0; | ||
| 198 | } | ||
| 199 | } | ||
| 195 | 200 | ||
| 196 | /* free existing name if dynamic */ | 201 | /* free existing name if dynamic */ |
| 197 | if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) | 202 | if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) |
| 198 | free(trtmp->name); | 203 | free(trtmp->name); |
| 199 | /* dup supplied name */ | 204 | /* dup supplied name */ |
| 200 | if (!(trtmp->name = BUF_strdup(name))) { | 205 | if ((trtmp->name = BUF_strdup(name)) == NULL) |
| 201 | X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); | 206 | goto err; |
| 202 | return 0; | ||
| 203 | } | ||
| 204 | /* Keep the dynamic flag of existing entry */ | 207 | /* Keep the dynamic flag of existing entry */ |
| 205 | trtmp->flags &= X509_TRUST_DYNAMIC; | 208 | trtmp->flags &= X509_TRUST_DYNAMIC; |
| 206 | /* Set all other flags */ | 209 | /* Set all other flags */ |
| @@ -211,18 +214,23 @@ X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), | |||
| 211 | trtmp->arg1 = arg1; | 214 | trtmp->arg1 = arg1; |
| 212 | trtmp->arg2 = arg2; | 215 | trtmp->arg2 = arg2; |
| 213 | 216 | ||
| 214 | /* If its a new entry manage the dynamic table */ | 217 | /* If it's a new entry, manage the dynamic table */ |
| 215 | if (idx == -1) { | 218 | if (idx == -1) { |
| 216 | if (!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) { | 219 | if (trtable == NULL && |
| 217 | X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); | 220 | (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) |
| 218 | return 0; | 221 | goto err; |
| 219 | } | 222 | if (sk_X509_TRUST_push(trtable, trtmp) == 0) |
| 220 | if (!sk_X509_TRUST_push(trtable, trtmp)) { | 223 | goto err; |
| 221 | X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); | ||
| 222 | return 0; | ||
| 223 | } | ||
| 224 | } | 224 | } |
| 225 | return 1; | 225 | return 1; |
| 226 | |||
| 227 | err: | ||
| 228 | if (idx == -1) { | ||
| 229 | free(trtmp->name); | ||
| 230 | free(trtmp); | ||
| 231 | } | ||
| 232 | X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); | ||
| 233 | return 0; | ||
| 226 | } | 234 | } |
| 227 | 235 | ||
| 228 | static void | 236 | static void |