diff options
| author | miod <> | 2015-02-14 14:18:58 +0000 |
|---|---|---|
| committer | miod <> | 2015-02-14 14:18:58 +0000 |
| commit | 4eccaff90192bfec4f0bc61f0dba0ad8f587f233 (patch) | |
| tree | 717df29458d3ad408fe4bc16d9fe4edb74a7680a | |
| parent | 88853a20be023939d14cfde9e86a81bfcc75ef7b (diff) | |
| download | openbsd-4eccaff90192bfec4f0bc61f0dba0ad8f587f233.tar.gz openbsd-4eccaff90192bfec4f0bc61f0dba0ad8f587f233.tar.bz2 openbsd-4eccaff90192bfec4f0bc61f0dba0ad8f587f233.zip | |
Attempt to correctly free temporary storage upon error. With help from
doug@ and jsing@, ok doug@ three months ago (sigh... I sometimes suck bigtime
at commiting bugfixes)
| -rw-r--r-- | src/lib/libcrypto/pkcs12/p12_npas.c | 33 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/pkcs12/p12_npas.c | 33 |
2 files changed, 36 insertions, 30 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c index ab7bdc6458..b9dea51b85 100644 --- a/src/lib/libcrypto/pkcs12/p12_npas.c +++ b/src/lib/libcrypto/pkcs12/p12_npas.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p12_npas.c,v 1.9 2014/07/08 09:24:53 jsing Exp $ */ | 1 | /* $OpenBSD: p12_npas.c,v 1.10 2015/02/14 14:18:58 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -118,7 +118,7 @@ newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) | |||
| 118 | return 0; | 118 | return 0; |
| 119 | if (!(newsafes = sk_PKCS7_new_null())) | 119 | if (!(newsafes = sk_PKCS7_new_null())) |
| 120 | return 0; | 120 | return 0; |
| 121 | for (i = 0; i < sk_PKCS7_num (asafes); i++) { | 121 | for (i = 0; i < sk_PKCS7_num(asafes); i++) { |
| 122 | p7 = sk_PKCS7_value(asafes, i); | 122 | p7 = sk_PKCS7_value(asafes, i); |
| 123 | bagnid = OBJ_obj2nid(p7->type); | 123 | bagnid = OBJ_obj2nid(p7->type); |
| 124 | if (bagnid == NID_pkcs7_data) { | 124 | if (bagnid == NID_pkcs7_data) { |
| @@ -133,14 +133,11 @@ newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) | |||
| 133 | } | 133 | } |
| 134 | } else | 134 | } else |
| 135 | continue; | 135 | continue; |
| 136 | if (!bags) { | 136 | if (bags == NULL) |
| 137 | sk_PKCS7_pop_free(asafes, PKCS7_free); | 137 | goto err; |
| 138 | return 0; | ||
| 139 | } | ||
| 140 | if (!newpass_bags(bags, oldpass, newpass)) { | 138 | if (!newpass_bags(bags, oldpass, newpass)) { |
| 141 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); | 139 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); |
| 142 | sk_PKCS7_pop_free(asafes, PKCS7_free); | 140 | goto err; |
| 143 | return 0; | ||
| 144 | } | 141 | } |
| 145 | /* Repack bag in same form with new password */ | 142 | /* Repack bag in same form with new password */ |
| 146 | if (bagnid == NID_pkcs7_data) | 143 | if (bagnid == NID_pkcs7_data) |
| @@ -149,19 +146,20 @@ newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) | |||
| 149 | p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, | 146 | p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, |
| 150 | NULL, pbe_saltlen, pbe_iter, bags); | 147 | NULL, pbe_saltlen, pbe_iter, bags); |
| 151 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); | 148 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); |
| 152 | if (!p7new) { | 149 | if (p7new == NULL) |
| 153 | sk_PKCS7_pop_free(asafes, PKCS7_free); | 150 | goto err; |
| 154 | return 0; | 151 | if (sk_PKCS7_push(newsafes, p7new) == 0) |
| 155 | } | 152 | goto err; |
| 156 | sk_PKCS7_push(newsafes, p7new); | ||
| 157 | } | 153 | } |
| 158 | sk_PKCS7_pop_free(asafes, PKCS7_free); | 154 | sk_PKCS7_pop_free(asafes, PKCS7_free); |
| 159 | 155 | ||
| 160 | /* Repack safe: save old safe in case of error */ | 156 | /* Repack safe: save old safe in case of error */ |
| 161 | 157 | ||
| 162 | p12_data_tmp = p12->authsafes->d.data; | 158 | p12_data_tmp = p12->authsafes->d.data; |
| 163 | if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) | 159 | if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) { |
| 164 | goto saferr; | 160 | p12->authsafes->d.data = p12_data_tmp; |
| 161 | goto err; | ||
| 162 | } | ||
| 165 | if (!PKCS12_pack_authsafes(p12, newsafes)) | 163 | if (!PKCS12_pack_authsafes(p12, newsafes)) |
| 166 | goto saferr; | 164 | goto saferr; |
| 167 | 165 | ||
| @@ -183,6 +181,11 @@ saferr: | |||
| 183 | ASN1_OCTET_STRING_free(macnew); | 181 | ASN1_OCTET_STRING_free(macnew); |
| 184 | p12->authsafes->d.data = p12_data_tmp; | 182 | p12->authsafes->d.data = p12_data_tmp; |
| 185 | return 0; | 183 | return 0; |
| 184 | |||
| 185 | err: | ||
| 186 | sk_PKCS7_pop_free(asafes, PKCS7_free); | ||
| 187 | sk_PKCS7_pop_free(newsafes, PKCS7_free); | ||
| 188 | return 0; | ||
| 186 | } | 189 | } |
| 187 | 190 | ||
| 188 | 191 | ||
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_npas.c b/src/lib/libssl/src/crypto/pkcs12/p12_npas.c index ab7bdc6458..b9dea51b85 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_npas.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_npas.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p12_npas.c,v 1.9 2014/07/08 09:24:53 jsing Exp $ */ | 1 | /* $OpenBSD: p12_npas.c,v 1.10 2015/02/14 14:18:58 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -118,7 +118,7 @@ newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) | |||
| 118 | return 0; | 118 | return 0; |
| 119 | if (!(newsafes = sk_PKCS7_new_null())) | 119 | if (!(newsafes = sk_PKCS7_new_null())) |
| 120 | return 0; | 120 | return 0; |
| 121 | for (i = 0; i < sk_PKCS7_num (asafes); i++) { | 121 | for (i = 0; i < sk_PKCS7_num(asafes); i++) { |
| 122 | p7 = sk_PKCS7_value(asafes, i); | 122 | p7 = sk_PKCS7_value(asafes, i); |
| 123 | bagnid = OBJ_obj2nid(p7->type); | 123 | bagnid = OBJ_obj2nid(p7->type); |
| 124 | if (bagnid == NID_pkcs7_data) { | 124 | if (bagnid == NID_pkcs7_data) { |
| @@ -133,14 +133,11 @@ newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) | |||
| 133 | } | 133 | } |
| 134 | } else | 134 | } else |
| 135 | continue; | 135 | continue; |
| 136 | if (!bags) { | 136 | if (bags == NULL) |
| 137 | sk_PKCS7_pop_free(asafes, PKCS7_free); | 137 | goto err; |
| 138 | return 0; | ||
| 139 | } | ||
| 140 | if (!newpass_bags(bags, oldpass, newpass)) { | 138 | if (!newpass_bags(bags, oldpass, newpass)) { |
| 141 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); | 139 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); |
| 142 | sk_PKCS7_pop_free(asafes, PKCS7_free); | 140 | goto err; |
| 143 | return 0; | ||
| 144 | } | 141 | } |
| 145 | /* Repack bag in same form with new password */ | 142 | /* Repack bag in same form with new password */ |
| 146 | if (bagnid == NID_pkcs7_data) | 143 | if (bagnid == NID_pkcs7_data) |
| @@ -149,19 +146,20 @@ newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) | |||
| 149 | p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, | 146 | p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, |
| 150 | NULL, pbe_saltlen, pbe_iter, bags); | 147 | NULL, pbe_saltlen, pbe_iter, bags); |
| 151 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); | 148 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); |
| 152 | if (!p7new) { | 149 | if (p7new == NULL) |
| 153 | sk_PKCS7_pop_free(asafes, PKCS7_free); | 150 | goto err; |
| 154 | return 0; | 151 | if (sk_PKCS7_push(newsafes, p7new) == 0) |
| 155 | } | 152 | goto err; |
| 156 | sk_PKCS7_push(newsafes, p7new); | ||
| 157 | } | 153 | } |
| 158 | sk_PKCS7_pop_free(asafes, PKCS7_free); | 154 | sk_PKCS7_pop_free(asafes, PKCS7_free); |
| 159 | 155 | ||
| 160 | /* Repack safe: save old safe in case of error */ | 156 | /* Repack safe: save old safe in case of error */ |
| 161 | 157 | ||
| 162 | p12_data_tmp = p12->authsafes->d.data; | 158 | p12_data_tmp = p12->authsafes->d.data; |
| 163 | if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) | 159 | if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) { |
| 164 | goto saferr; | 160 | p12->authsafes->d.data = p12_data_tmp; |
| 161 | goto err; | ||
| 162 | } | ||
| 165 | if (!PKCS12_pack_authsafes(p12, newsafes)) | 163 | if (!PKCS12_pack_authsafes(p12, newsafes)) |
| 166 | goto saferr; | 164 | goto saferr; |
| 167 | 165 | ||
| @@ -183,6 +181,11 @@ saferr: | |||
| 183 | ASN1_OCTET_STRING_free(macnew); | 181 | ASN1_OCTET_STRING_free(macnew); |
| 184 | p12->authsafes->d.data = p12_data_tmp; | 182 | p12->authsafes->d.data = p12_data_tmp; |
| 185 | return 0; | 183 | return 0; |
| 184 | |||
| 185 | err: | ||
| 186 | sk_PKCS7_pop_free(asafes, PKCS7_free); | ||
| 187 | sk_PKCS7_pop_free(newsafes, PKCS7_free); | ||
| 188 | return 0; | ||
| 186 | } | 189 | } |
| 187 | 190 | ||
| 188 | 191 | ||