Add error checking to i2v_AUTHORITY_KEYID(), i2v_GENERAL_NAME()

and i2v_GENERAL_NAMES(). This fixes a couple of leaks and other ugliness. tweaks & ok jsing
author: tb <> 2019-04-21 16:50:34 +0000
committer: tb <> 2019-04-21 16:50:34 +0000
commit: 6cb76fe84ed5d0dde673a8aea04318d4dbcc96d9 (patch)
tree: 796d18cc54886cb2407e36d7d31d982c243ecd05
parent: 7bbdab19e025dac2cb71c1027b0419b712f48447 (diff)
download: openbsd-6cb76fe84ed5d0dde673a8aea04318d4dbcc96d9.tar.gz
openbsd-6cb76fe84ed5d0dde673a8aea04318d4dbcc96d9.tar.bz2
openbsd-6cb76fe84ed5d0dde673a8aea04318d4dbcc96d9.zip
2 files changed, 80 insertions, 32 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c
index 3b57fd21f7..65184b19b6 100644
--- a/src/lib/libcrypto/x509v3/v3_akey.c
+++ b/src/lib/libcrypto/x509v3/v3_akey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_akey.c,v 1.20 2019/04/21 08:07:47 tb Exp $ */
+/* $OpenBSD: v3_akey.c,v 1.21 2019/04/21 16:50:34 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -91,22 +91,41 @@ static STACK_OF(CONF_VALUE) *
 i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, AUTHORITY_KEYID *akeyid,
    STACK_OF(CONF_VALUE) *extlist)
 {
-        char *tmp;
+        char *tmpstr = NULL;
-        if (akeyid->keyid) {
+        if (akeyid->keyid != NULL) {
-                tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
+                if ((tmpstr = hex_to_string(akeyid->keyid->data,
-                X509V3_add_value("keyid", tmp, &extlist);
+                    akeyid->keyid->length)) == NULL)
-                free(tmp);
+                        goto err;
+                if (!X509V3_add_value("keyid", tmpstr, &extlist))
+                        goto err;
+                free(tmpstr);
+                tmpstr = NULL;
        }
-        if (akeyid->issuer)
-                extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
+        if (akeyid->issuer != NULL) {
-        if (akeyid->serial) {
+                if ((extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer,
-                tmp = hex_to_string(akeyid->serial->data,
+                    extlist)) == NULL)
-                    akeyid->serial->length);
+                        goto err;
-                X509V3_add_value("serial", tmp, &extlist);
-                free(tmp);
        }
+        if (akeyid->serial != NULL) {
+                if ((tmpstr = hex_to_string(akeyid->serial->data,
+                    akeyid->serial->length)) == NULL)
+                        goto err;
+                if (!X509V3_add_value("serial", tmpstr, &extlist))
+                        goto err;
+                free(tmpstr);
+                tmpstr = NULL;
+        }
        return extlist;
+ err:
+        free(tmpstr);
+        sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free);
+        return NULL;
 }
 /*
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index 08063d191b..2dc07b4025 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_alt.c,v 1.28 2018/05/18 19:34:37 tb Exp $ */
+/* $OpenBSD: v3_alt.c,v 1.29 2019/04/21 16:50:34 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -127,16 +127,27 @@ STACK_OF(CONF_VALUE) *
 i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, GENERAL_NAMES *gens,
    STACK_OF(CONF_VALUE) *ret)
 {
-        int i;
        GENERAL_NAME *gen;
+        int i;
+        if (ret == NULL) {
+                if ((ret = sk_CONF_VALUE_new_null()) == NULL)
+                        return NULL;
+        }
        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
-                gen = sk_GENERAL_NAME_value(gens, i);
+                if ((gen = sk_GENERAL_NAME_value(gens, i)) == NULL)
-                ret = i2v_GENERAL_NAME(method, gen, ret);
+                        goto err;
+                if ((ret = i2v_GENERAL_NAME(method, gen, ret)) == NULL)
+                        goto err;
        }
-        if (!ret)
-                return sk_CONF_VALUE_new_null();
        return ret;
+ err:
+        sk_CONF_VALUE_pop_free(ret, X509V3_conf_free);
+        return NULL;
 }
 STACK_OF(CONF_VALUE) *
@@ -149,35 +160,43 @@ i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen,
        switch (gen->type) {
        case GEN_OTHERNAME:
-                X509V3_add_value("othername", "<unsupported>", &ret);
+                if (!X509V3_add_value("othername", "<unsupported>", &ret))
+                        goto err;
                break;
        case GEN_X400:
-                X509V3_add_value("X400Name", "<unsupported>", &ret);
+                if (!X509V3_add_value("X400Name", "<unsupported>", &ret))
+                        goto err;
                break;
        case GEN_EDIPARTY:
-                X509V3_add_value("EdiPartyName", "<unsupported>", &ret);
+                if (!X509V3_add_value("EdiPartyName", "<unsupported>", &ret))
+                        goto err;
                break;
        case GEN_EMAIL:
-                X509V3_add_value_uchar("email", gen->d.ia5->data, &ret);
+                if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret))
+                        goto err;
                break;
        case GEN_DNS:
-                X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret);
+                if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret))
+                        goto err;
                break;
        case GEN_URI:
-                X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret);
+                if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret))
+                        goto err;
                break;
        case GEN_DIRNAME:
-                X509_NAME_oneline(gen->d.dirn, oline, 256);
+                if (X509_NAME_oneline(gen->d.dirn, oline, 256) == NULL)
-                X509V3_add_value("DirName", oline, &ret);
+                        goto err;
+                if (!X509V3_add_value("DirName", oline, &ret))
+                        goto err;
                break;
-        case GEN_IPADD:
+        case GEN_IPADD: /* XXX */
                p = gen->d.ip->data;
                if (gen->d.ip->length == 4)
                        (void) snprintf(oline, sizeof oline,
@@ -193,18 +212,28 @@ i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen,
                                        strlcat(oline, ":", sizeof(oline));
                        }
                } else {
-                        X509V3_add_value("IP Address", "<invalid>", &ret);
+                        if (!X509V3_add_value("IP Address", "<invalid>", &ret))
+                                goto err;
                        break;
                }
-                X509V3_add_value("IP Address", oline, &ret);
+                if (!X509V3_add_value("IP Address", oline, &ret))
+                        goto err;
                break;
        case GEN_RID:
-                i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
+                if (!i2t_ASN1_OBJECT(oline, 256, gen->d.rid))
-                X509V3_add_value("Registered ID", oline, &ret);
+                        goto err;
+                if (!X509V3_add_value("Registered ID", oline, &ret))
+                        goto err;
                break;
        }
        return ret;
+ err:
+        sk_CONF_VALUE_pop_free(ret, X509V3_conf_free);
+        return NULL;
 }
 int
author	tb <>	2019-04-21 16:50:34 +0000
committer	tb <>	2019-04-21 16:50:34 +0000
commit	6cb76fe84ed5d0dde673a8aea04318d4dbcc96d9 (patch)
tree	796d18cc54886cb2407e36d7d31d982c243ecd05
parent	7bbdab19e025dac2cb71c1027b0419b712f48447 (diff)
download	openbsd-6cb76fe84ed5d0dde673a8aea04318d4dbcc96d9.tar.gz openbsd-6cb76fe84ed5d0dde673a8aea04318d4dbcc96d9.tar.bz2 openbsd-6cb76fe84ed5d0dde673a8aea04318d4dbcc96d9.zip

diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c index 3b57fd21f7..65184b19b6 100644 --- a/src/lib/libcrypto/x509v3/v3_akey.c +++ b/src/lib/libcrypto/x509v3/v3_akey.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: v3_akey.c,v 1.20 2019/04/21 08:07:47 tb Exp $ */	1	/* $OpenBSD: v3_akey.c,v 1.21 2019/04/21 16:50:34 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -91,22 +91,41 @@ static STACK_OF(CONF_VALUE) *
91	i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD method, AUTHORITY_KEYID akeyid,	91	i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD method, AUTHORITY_KEYID akeyid,
92	STACK_OF(CONF_VALUE) *extlist)	92	STACK_OF(CONF_VALUE) *extlist)
93	{	93	{
94	char *tmp;	94	char *tmpstr = NULL;
95		95
96	if (akeyid->keyid) {	96	if (akeyid->keyid != NULL) {
97	tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);	97	if ((tmpstr = hex_to_string(akeyid->keyid->data,
98	X509V3_add_value("keyid", tmp, &extlist);	98	akeyid->keyid->length)) == NULL)
99	free(tmp);	99	goto err;
		100	if (!X509V3_add_value("keyid", tmpstr, &extlist))
		101	goto err;
		102	free(tmpstr);
		103	tmpstr = NULL;
100	}	104	}
101	if (akeyid->issuer)	105
102	extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);	106	if (akeyid->issuer != NULL) {
103	if (akeyid->serial) {	107	if ((extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer,
104	tmp = hex_to_string(akeyid->serial->data,	108	extlist)) == NULL)
105	akeyid->serial->length);	109	goto err;
106	X509V3_add_value("serial", tmp, &extlist);
107	free(tmp);
108	}	110	}
		111
		112	if (akeyid->serial != NULL) {
		113	if ((tmpstr = hex_to_string(akeyid->serial->data,
		114	akeyid->serial->length)) == NULL)
		115	goto err;
		116	if (!X509V3_add_value("serial", tmpstr, &extlist))
		117	goto err;
		118	free(tmpstr);
		119	tmpstr = NULL;
		120	}
		121
109	return extlist;	122	return extlist;
		123
		124	err:
		125	free(tmpstr);
		126	sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free);
		127
		128	return NULL;
110	}	129	}
111		130
112	/*	131	/*


diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c index 08063d191b..2dc07b4025 100644 --- a/src/lib/libcrypto/x509v3/v3_alt.c +++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: v3_alt.c,v 1.28 2018/05/18 19:34:37 tb Exp $ */	1	/* $OpenBSD: v3_alt.c,v 1.29 2019/04/21 16:50:34 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project.	3	* project.
4	*/	4	*/
@@ -127,16 +127,27 @@ STACK_OF(CONF_VALUE) *
127	i2v_GENERAL_NAMES(X509V3_EXT_METHOD method, GENERAL_NAMES gens,	127	i2v_GENERAL_NAMES(X509V3_EXT_METHOD method, GENERAL_NAMES gens,
128	STACK_OF(CONF_VALUE) *ret)	128	STACK_OF(CONF_VALUE) *ret)
129	{	129	{
130	int i;
131	GENERAL_NAME *gen;	130	GENERAL_NAME *gen;
		131	int i;
		132
		133	if (ret == NULL) {
		134	if ((ret = sk_CONF_VALUE_new_null()) == NULL)
		135	return NULL;
		136	}
132		137
133	for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {	138	for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
134	gen = sk_GENERAL_NAME_value(gens, i);	139	if ((gen = sk_GENERAL_NAME_value(gens, i)) == NULL)
135	ret = i2v_GENERAL_NAME(method, gen, ret);	140	goto err;
		141	if ((ret = i2v_GENERAL_NAME(method, gen, ret)) == NULL)
		142	goto err;
136	}	143	}
137	if (!ret)	144
138	return sk_CONF_VALUE_new_null();
139	return ret;	145	return ret;
		146
		147	err:
		148	sk_CONF_VALUE_pop_free(ret, X509V3_conf_free);
		149
		150	return NULL;
140	}	151	}
141		152
142	STACK_OF(CONF_VALUE) *	153	STACK_OF(CONF_VALUE) *
@@ -149,35 +160,43 @@ i2v_GENERAL_NAME(X509V3_EXT_METHOD method, GENERAL_NAME gen,
149		160
150	switch (gen->type) {	161	switch (gen->type) {
151	case GEN_OTHERNAME:	162	case GEN_OTHERNAME:
152	X509V3_add_value("othername", "<unsupported>", &ret);	163	if (!X509V3_add_value("othername", "<unsupported>", &ret))
		164	goto err;
153	break;	165	break;
154		166
155	case GEN_X400:	167	case GEN_X400:
156	X509V3_add_value("X400Name", "<unsupported>", &ret);	168	if (!X509V3_add_value("X400Name", "<unsupported>", &ret))
		169	goto err;
157	break;	170	break;
158		171
159	case GEN_EDIPARTY:	172	case GEN_EDIPARTY:
160	X509V3_add_value("EdiPartyName", "<unsupported>", &ret);	173	if (!X509V3_add_value("EdiPartyName", "<unsupported>", &ret))
		174	goto err;
161	break;	175	break;
162		176
163	case GEN_EMAIL:	177	case GEN_EMAIL:
164	X509V3_add_value_uchar("email", gen->d.ia5->data, &ret);	178	if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret))
		179	goto err;
165	break;	180	break;
166		181
167	case GEN_DNS:	182	case GEN_DNS:
168	X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret);	183	if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret))
		184	goto err;
169	break;	185	break;
170		186
171	case GEN_URI:	187	case GEN_URI:
172	X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret);	188	if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret))
		189	goto err;
173	break;	190	break;
174		191
175	case GEN_DIRNAME:	192	case GEN_DIRNAME:
176	X509_NAME_oneline(gen->d.dirn, oline, 256);	193	if (X509_NAME_oneline(gen->d.dirn, oline, 256) == NULL)
177	X509V3_add_value("DirName", oline, &ret);	194	goto err;
		195	if (!X509V3_add_value("DirName", oline, &ret))
		196	goto err;
178	break;	197	break;
179		198
180	case GEN_IPADD:	199	case GEN_IPADD: /* XXX */
181	p = gen->d.ip->data;	200	p = gen->d.ip->data;
182	if (gen->d.ip->length == 4)	201	if (gen->d.ip->length == 4)
183	(void) snprintf(oline, sizeof oline,	202	(void) snprintf(oline, sizeof oline,
@@ -193,18 +212,28 @@ i2v_GENERAL_NAME(X509V3_EXT_METHOD method, GENERAL_NAME gen,
193	strlcat(oline, ":", sizeof(oline));	212	strlcat(oline, ":", sizeof(oline));
194	}	213	}
195	} else {	214	} else {
196	X509V3_add_value("IP Address", "<invalid>", &ret);	215	if (!X509V3_add_value("IP Address", "<invalid>", &ret))
		216	goto err;
197	break;	217	break;
198	}	218	}
199	X509V3_add_value("IP Address", oline, &ret);	219	if (!X509V3_add_value("IP Address", oline, &ret))
		220	goto err;
200	break;	221	break;
201		222
202	case GEN_RID:	223	case GEN_RID:
203	i2t_ASN1_OBJECT(oline, 256, gen->d.rid);	224	if (!i2t_ASN1_OBJECT(oline, 256, gen->d.rid))
204	X509V3_add_value("Registered ID", oline, &ret);	225	goto err;
		226	if (!X509V3_add_value("Registered ID", oline, &ret))
		227	goto err;
205	break;	228	break;
206	}	229	}
		230
207	return ret;	231	return ret;
		232
		233	err:
		234	sk_CONF_VALUE_pop_free(ret, X509V3_conf_free);
		235
		236	return NULL;
208	}	237	}
209		238
210	int	239	int