diff options
| author | miod <> | 2016-11-08 21:22:55 +0000 |
|---|---|---|
| committer | miod <> | 2016-11-08 21:22:55 +0000 |
| commit | 741233cfaaedfc9709cf01e0bf3d9304cda9ed58 (patch) | |
| tree | d872c53168e35402102a7d7fdc8583e1bb83531b | |
| parent | acfc5dfa14919694cee5af74f2d461fc9cc191a3 (diff) | |
| download | openbsd-741233cfaaedfc9709cf01e0bf3d9304cda9ed58.tar.gz openbsd-741233cfaaedfc9709cf01e0bf3d9304cda9ed58.tar.bz2 openbsd-741233cfaaedfc9709cf01e0bf3d9304cda9ed58.zip | |
Check for stack push failure, and correctly destroy the object we failed
to push in that case. While there replace an inline version of
X509_OBJECT_free_contents() by a call to said function.
ok beck@
| -rw-r--r-- | src/lib/libcrypto/x509/x509_lu.c | 67 |
1 files changed, 47 insertions, 20 deletions
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c index fdb10023be..fc1256788e 100644 --- a/src/lib/libcrypto/x509/x509_lu.c +++ b/src/lib/libcrypto/x509/x509_lu.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_lu.c,v 1.20 2015/04/25 16:02:55 doug Exp $ */ | 1 | /* $OpenBSD: x509_lu.c,v 1.21 2016/11/08 21:22:55 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -64,6 +64,9 @@ | |||
| 64 | #include <openssl/x509v3.h> | 64 | #include <openssl/x509v3.h> |
| 65 | #include "x509_lcl.h" | 65 | #include "x509_lcl.h" |
| 66 | 66 | ||
| 67 | static void X509_OBJECT_dec_ref_count(X509_OBJECT *a); | ||
| 68 | /* static void X509_OBJECT_up_ref_count(X509_OBJECT *a); */ | ||
| 69 | |||
| 67 | X509_LOOKUP * | 70 | X509_LOOKUP * |
| 68 | X509_LOOKUP_new(X509_LOOKUP_METHOD *method) | 71 | X509_LOOKUP_new(X509_LOOKUP_METHOD *method) |
| 69 | { | 72 | { |
| @@ -231,16 +234,9 @@ err: | |||
| 231 | } | 234 | } |
| 232 | 235 | ||
| 233 | static void | 236 | static void |
| 234 | cleanup(X509_OBJECT *a) | 237 | X509_OBJECT_free(X509_OBJECT *a) |
| 235 | { | 238 | { |
| 236 | if (a->type == X509_LU_X509) { | 239 | X509_OBJECT_free_contents(a); |
| 237 | X509_free(a->data.x509); | ||
| 238 | } else if (a->type == X509_LU_CRL) { | ||
| 239 | X509_CRL_free(a->data.crl); | ||
| 240 | } else { | ||
| 241 | /* abort(); */ | ||
| 242 | } | ||
| 243 | |||
| 244 | free(a); | 240 | free(a); |
| 245 | } | 241 | } |
| 246 | 242 | ||
| @@ -265,7 +261,7 @@ X509_STORE_free(X509_STORE *vfy) | |||
| 265 | X509_LOOKUP_free(lu); | 261 | X509_LOOKUP_free(lu); |
| 266 | } | 262 | } |
| 267 | sk_X509_LOOKUP_free(sk); | 263 | sk_X509_LOOKUP_free(sk); |
| 268 | sk_X509_OBJECT_pop_free(vfy->objs, cleanup); | 264 | sk_X509_OBJECT_pop_free(vfy->objs, X509_OBJECT_free); |
| 269 | 265 | ||
| 270 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); | 266 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); |
| 271 | X509_VERIFY_PARAM_free(vfy->param); | 267 | X509_VERIFY_PARAM_free(vfy->param); |
| @@ -364,16 +360,25 @@ X509_STORE_add_cert(X509_STORE *ctx, X509 *x) | |||
| 364 | X509_OBJECT_up_ref_count(obj); | 360 | X509_OBJECT_up_ref_count(obj); |
| 365 | 361 | ||
| 366 | if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { | 362 | if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { |
| 367 | X509_OBJECT_free_contents(obj); | ||
| 368 | free(obj); | ||
| 369 | X509err(X509_F_X509_STORE_ADD_CERT, | 363 | X509err(X509_F_X509_STORE_ADD_CERT, |
| 370 | X509_R_CERT_ALREADY_IN_HASH_TABLE); | 364 | X509_R_CERT_ALREADY_IN_HASH_TABLE); |
| 371 | ret = 0; | 365 | ret = 0; |
| 372 | } else | 366 | } else { |
| 373 | sk_X509_OBJECT_push(ctx->objs, obj); | 367 | if (sk_X509_OBJECT_push(ctx->objs, obj) == 0) { |
| 368 | X509err(X509_F_X509_STORE_ADD_CERT, | ||
| 369 | ERR_R_MALLOC_FAILURE); | ||
| 370 | ret = 0; | ||
| 371 | } | ||
| 372 | } | ||
| 373 | |||
| 374 | if (ret == 0) | ||
| 375 | X509_OBJECT_dec_ref_count(obj); | ||
| 374 | 376 | ||
| 375 | CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); | 377 | CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); |
| 376 | 378 | ||
| 379 | if (ret == 0) | ||
| 380 | X509_OBJECT_free(obj); | ||
| 381 | |||
| 377 | return ret; | 382 | return ret; |
| 378 | } | 383 | } |
| 379 | 384 | ||
| @@ -398,20 +403,42 @@ X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) | |||
| 398 | X509_OBJECT_up_ref_count(obj); | 403 | X509_OBJECT_up_ref_count(obj); |
| 399 | 404 | ||
| 400 | if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { | 405 | if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { |
| 401 | X509_OBJECT_free_contents(obj); | ||
| 402 | free(obj); | ||
| 403 | X509err(X509_F_X509_STORE_ADD_CRL, | 406 | X509err(X509_F_X509_STORE_ADD_CRL, |
| 404 | X509_R_CERT_ALREADY_IN_HASH_TABLE); | 407 | X509_R_CERT_ALREADY_IN_HASH_TABLE); |
| 405 | ret = 0; | 408 | ret = 0; |
| 406 | } else | 409 | } else { |
| 407 | sk_X509_OBJECT_push(ctx->objs, obj); | 410 | if (sk_X509_OBJECT_push(ctx->objs, obj) == 0) { |
| 411 | X509err(X509_F_X509_STORE_ADD_CRL, | ||
| 412 | ERR_R_MALLOC_FAILURE); | ||
| 413 | ret = 0; | ||
| 414 | } | ||
| 415 | } | ||
| 416 | |||
| 417 | if (ret == 0) | ||
| 418 | X509_OBJECT_dec_ref_count(obj); | ||
| 408 | 419 | ||
| 409 | CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); | 420 | CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); |
| 410 | 421 | ||
| 422 | if (ret == 0) | ||
| 423 | X509_OBJECT_free(obj); | ||
| 424 | |||
| 411 | return ret; | 425 | return ret; |
| 412 | } | 426 | } |
| 413 | 427 | ||
| 414 | void | 428 | static void |
| 429 | X509_OBJECT_dec_ref_count(X509_OBJECT *a) | ||
| 430 | { | ||
| 431 | switch (a->type) { | ||
| 432 | case X509_LU_X509: | ||
| 433 | CRYPTO_add(&a->data.x509->references, -1, CRYPTO_LOCK_X509); | ||
| 434 | break; | ||
| 435 | case X509_LU_CRL: | ||
| 436 | CRYPTO_add(&a->data.crl->references, -1, CRYPTO_LOCK_X509_CRL); | ||
| 437 | break; | ||
| 438 | } | ||
| 439 | } | ||
| 440 | |||
| 441 | /*static*/ void | ||
| 415 | X509_OBJECT_up_ref_count(X509_OBJECT *a) | 442 | X509_OBJECT_up_ref_count(X509_OBJECT *a) |
| 416 | { | 443 | { |
| 417 | switch (a->type) { | 444 | switch (a->type) { |