diff options
| author | tb <> | 2024-01-25 08:10:14 +0000 |
|---|---|---|
| committer | tb <> | 2024-01-25 08:10:14 +0000 |
| commit | f33f863f9b989e14a92b65e7d8c585533a3b70d6 (patch) | |
| tree | ed7dd400581e84f39ec41de8540e465044bf34a6 | |
| parent | 5048b594fb9cd050c4d5d8bb7a9c9bad8865a171 (diff) | |
| download | openbsd-f33f863f9b989e14a92b65e7d8c585533a3b70d6.tar.gz openbsd-f33f863f9b989e14a92b65e7d8c585533a3b70d6.tar.bz2 openbsd-f33f863f9b989e14a92b65e7d8c585533a3b70d6.zip | |
Fix a memleak and a double free in newpass_p12()
If the allocation of newsafes fails, asafes is leaked. And if the
ASN1_OCTET_STRING_new() after the freeing of asafes fails, asafes is
freed a second time.
ok jsing
| -rw-r--r-- | src/lib/libcrypto/pkcs12/p12_npas.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c index 30dd2ef8c4..7c1ba85a1f 100644 --- a/src/lib/libcrypto/pkcs12/p12_npas.c +++ b/src/lib/libcrypto/pkcs12/p12_npas.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p12_npas.c,v 1.18 2023/02/16 08:38:17 tb Exp $ */ | 1 | /* $OpenBSD: p12_npas.c,v 1.19 2024/01/25 08:10:14 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -110,7 +110,7 @@ LCRYPTO_ALIAS(PKCS12_newpass); | |||
| 110 | static int | 110 | static int |
| 111 | newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) | 111 | newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) |
| 112 | { | 112 | { |
| 113 | STACK_OF(PKCS7) *asafes, *newsafes; | 113 | STACK_OF(PKCS7) *asafes = NULL, *newsafes = NULL; |
| 114 | STACK_OF(PKCS12_SAFEBAG) *bags; | 114 | STACK_OF(PKCS12_SAFEBAG) *bags; |
| 115 | int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0; | 115 | int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0; |
| 116 | PKCS7 *p7, *p7new; | 116 | PKCS7 *p7, *p7new; |
| @@ -118,10 +118,10 @@ newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) | |||
| 118 | unsigned char mac[EVP_MAX_MD_SIZE]; | 118 | unsigned char mac[EVP_MAX_MD_SIZE]; |
| 119 | unsigned int maclen; | 119 | unsigned int maclen; |
| 120 | 120 | ||
| 121 | if (!(asafes = PKCS12_unpack_authsafes(p12))) | 121 | if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL) |
| 122 | return 0; | 122 | goto err; |
| 123 | if (!(newsafes = sk_PKCS7_new_null())) | 123 | if ((newsafes = sk_PKCS7_new_null()) == NULL) |
| 124 | return 0; | 124 | goto err; |
| 125 | for (i = 0; i < sk_PKCS7_num(asafes); i++) { | 125 | for (i = 0; i < sk_PKCS7_num(asafes); i++) { |
| 126 | p7 = sk_PKCS7_value(asafes, i); | 126 | p7 = sk_PKCS7_value(asafes, i); |
| 127 | bagnid = OBJ_obj2nid(p7->type); | 127 | bagnid = OBJ_obj2nid(p7->type); |
| @@ -156,6 +156,7 @@ newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) | |||
| 156 | goto err; | 156 | goto err; |
| 157 | } | 157 | } |
| 158 | sk_PKCS7_pop_free(asafes, PKCS7_free); | 158 | sk_PKCS7_pop_free(asafes, PKCS7_free); |
| 159 | asafes = NULL; | ||
| 159 | 160 | ||
| 160 | /* Repack safe: save old safe in case of error */ | 161 | /* Repack safe: save old safe in case of error */ |
| 161 | 162 | ||
| @@ -189,6 +190,7 @@ saferr: | |||
| 189 | err: | 190 | err: |
| 190 | sk_PKCS7_pop_free(asafes, PKCS7_free); | 191 | sk_PKCS7_pop_free(asafes, PKCS7_free); |
| 191 | sk_PKCS7_pop_free(newsafes, PKCS7_free); | 192 | sk_PKCS7_pop_free(newsafes, PKCS7_free); |
| 193 | |||
| 192 | return 0; | 194 | return 0; |
| 193 | } | 195 | } |
| 194 | 196 | ||