diff options
| author | inoguchi <> | 2020-01-09 11:27:21 +0000 |
|---|---|---|
| committer | inoguchi <> | 2020-01-09 11:27:21 +0000 |
| commit | f86f8c9701dd2cb52bed7ce290e7431d15fcd27d (patch) | |
| tree | 60b7a641a247dcbbc01cbd3770047efe726ff7eb | |
| parent | 1141f885583b175ef90db0a4a8118118946b803b (diff) | |
| download | openbsd-f86f8c9701dd2cb52bed7ce290e7431d15fcd27d.tar.gz openbsd-f86f8c9701dd2cb52bed7ce290e7431d15fcd27d.tar.bz2 openbsd-f86f8c9701dd2cb52bed7ce290e7431d15fcd27d.zip | |
Avoid leak in error path of asn1_parse2
ok tb@
| -rw-r--r-- | src/lib/libcrypto/asn1/asn1_par.c | 38 |
1 files changed, 21 insertions, 17 deletions
diff --git a/src/lib/libcrypto/asn1/asn1_par.c b/src/lib/libcrypto/asn1/asn1_par.c index 21f92d298d..1ec9b1ac6b 100644 --- a/src/lib/libcrypto/asn1/asn1_par.c +++ b/src/lib/libcrypto/asn1/asn1_par.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: asn1_par.c,v 1.27 2019/03/24 16:07:25 beck Exp $ */ | 1 | /* $OpenBSD: asn1_par.c,v 1.28 2020/01/09 11:27:21 inoguchi Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -123,6 +123,8 @@ asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, | |||
| 123 | int nl, hl, j, r; | 123 | int nl, hl, j, r; |
| 124 | ASN1_OBJECT *o = NULL; | 124 | ASN1_OBJECT *o = NULL; |
| 125 | ASN1_OCTET_STRING *os = NULL; | 125 | ASN1_OCTET_STRING *os = NULL; |
| 126 | ASN1_INTEGER *ai = NULL; | ||
| 127 | ASN1_ENUMERATED *ae = NULL; | ||
| 126 | /* ASN1_BMPSTRING *bmp=NULL;*/ | 128 | /* ASN1_BMPSTRING *bmp=NULL;*/ |
| 127 | int dump_indent; | 129 | int dump_indent; |
| 128 | 130 | ||
| @@ -296,23 +298,22 @@ asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, | |||
| 296 | ASN1_OCTET_STRING_free(os); | 298 | ASN1_OCTET_STRING_free(os); |
| 297 | os = NULL; | 299 | os = NULL; |
| 298 | } else if (tag == V_ASN1_INTEGER) { | 300 | } else if (tag == V_ASN1_INTEGER) { |
| 299 | ASN1_INTEGER *bs; | ||
| 300 | int i; | 301 | int i; |
| 301 | 302 | ||
| 302 | opp = op; | 303 | opp = op; |
| 303 | bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl); | 304 | ai = d2i_ASN1_INTEGER(NULL, &opp, len + hl); |
| 304 | if (bs != NULL) { | 305 | if (ai != NULL) { |
| 305 | if (BIO_write(bp, ":", 1) <= 0) | 306 | if (BIO_write(bp, ":", 1) <= 0) |
| 306 | goto end; | 307 | goto end; |
| 307 | if (bs->type == V_ASN1_NEG_INTEGER) | 308 | if (ai->type == V_ASN1_NEG_INTEGER) |
| 308 | if (BIO_write(bp, "-", 1) <= 0) | 309 | if (BIO_write(bp, "-", 1) <= 0) |
| 309 | goto end; | 310 | goto end; |
| 310 | for (i = 0; i < bs->length; i++) { | 311 | for (i = 0; i < ai->length; i++) { |
| 311 | if (BIO_printf(bp, "%02X", | 312 | if (BIO_printf(bp, "%02X", |
| 312 | bs->data[i]) <= 0) | 313 | ai->data[i]) <= 0) |
| 313 | goto end; | 314 | goto end; |
| 314 | } | 315 | } |
| 315 | if (bs->length == 0) { | 316 | if (ai->length == 0) { |
| 316 | if (BIO_write(bp, "00", 2) <= 0) | 317 | if (BIO_write(bp, "00", 2) <= 0) |
| 317 | goto end; | 318 | goto end; |
| 318 | } | 319 | } |
| @@ -320,25 +321,25 @@ asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, | |||
| 320 | if (BIO_write(bp, "BAD INTEGER", 11) <= 0) | 321 | if (BIO_write(bp, "BAD INTEGER", 11) <= 0) |
| 321 | goto end; | 322 | goto end; |
| 322 | } | 323 | } |
| 323 | ASN1_INTEGER_free(bs); | 324 | ASN1_INTEGER_free(ai); |
| 325 | ai = NULL; | ||
| 324 | } else if (tag == V_ASN1_ENUMERATED) { | 326 | } else if (tag == V_ASN1_ENUMERATED) { |
| 325 | ASN1_ENUMERATED *bs; | ||
| 326 | int i; | 327 | int i; |
| 327 | 328 | ||
| 328 | opp = op; | 329 | opp = op; |
| 329 | bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl); | 330 | ae = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl); |
| 330 | if (bs != NULL) { | 331 | if (ae != NULL) { |
| 331 | if (BIO_write(bp, ":", 1) <= 0) | 332 | if (BIO_write(bp, ":", 1) <= 0) |
| 332 | goto end; | 333 | goto end; |
| 333 | if (bs->type == V_ASN1_NEG_ENUMERATED) | 334 | if (ae->type == V_ASN1_NEG_ENUMERATED) |
| 334 | if (BIO_write(bp, "-", 1) <= 0) | 335 | if (BIO_write(bp, "-", 1) <= 0) |
| 335 | goto end; | 336 | goto end; |
| 336 | for (i = 0; i < bs->length; i++) { | 337 | for (i = 0; i < ae->length; i++) { |
| 337 | if (BIO_printf(bp, "%02X", | 338 | if (BIO_printf(bp, "%02X", |
| 338 | bs->data[i]) <= 0) | 339 | ae->data[i]) <= 0) |
| 339 | goto end; | 340 | goto end; |
| 340 | } | 341 | } |
| 341 | if (bs->length == 0) { | 342 | if (ae->length == 0) { |
| 342 | if (BIO_write(bp, "00", 2) <= 0) | 343 | if (BIO_write(bp, "00", 2) <= 0) |
| 343 | goto end; | 344 | goto end; |
| 344 | } | 345 | } |
| @@ -346,7 +347,8 @@ asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, | |||
| 346 | if (BIO_write(bp, "BAD ENUMERATED", 14) <= 0) | 347 | if (BIO_write(bp, "BAD ENUMERATED", 14) <= 0) |
| 347 | goto end; | 348 | goto end; |
| 348 | } | 349 | } |
| 349 | ASN1_ENUMERATED_free(bs); | 350 | ASN1_ENUMERATED_free(ae); |
| 351 | ae = NULL; | ||
| 350 | } else if (len > 0 && dump) { | 352 | } else if (len > 0 && dump) { |
| 351 | if (!nl) { | 353 | if (!nl) { |
| 352 | if (BIO_write(bp, "\n", 1) <= 0) | 354 | if (BIO_write(bp, "\n", 1) <= 0) |
| @@ -377,6 +379,8 @@ end: | |||
| 377 | if (o != NULL) | 379 | if (o != NULL) |
| 378 | ASN1_OBJECT_free(o); | 380 | ASN1_OBJECT_free(o); |
| 379 | ASN1_OCTET_STRING_free(os); | 381 | ASN1_OCTET_STRING_free(os); |
| 382 | ASN1_INTEGER_free(ai); | ||
| 383 | ASN1_ENUMERATED_free(ae); | ||
| 380 | *pp = p; | 384 | *pp = p; |
| 381 | return (ret); | 385 | return (ret); |
| 382 | } | 386 | } |