Unchecked memory allocation and potential leak upon error in

ssl3_get_cert_verify(). ok guenther@ jsing@
author: miod <> 2014-08-11 04:46:42 +0000
committer: miod <> 2014-08-11 04:46:42 +0000
commit: 59c702ecf80ecab473ca34423906355163005011 (patch)
tree: 400b197d07b7b1b93d118f223dd816a19090c724 /src/lib
parent: e8fa863e4a90aae1d1c2f88d7d26e9a0bd9db0dc (diff)
download: openbsd-59c702ecf80ecab473ca34423906355163005011.tar.gz
openbsd-59c702ecf80ecab473ca34423906355163005011.tar.bz2
openbsd-59c702ecf80ecab473ca34423906355163005011.zip
2 files changed, 24 insertions, 10 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 7b29ec41c8..574910cda6 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.80 2014/08/10 14:42:56 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.81 2014/08/11 04:46:42 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2444,17 +2444,24 @@ ssl3_get_cert_verify(SSL *s)
            pkey->type == NID_id_GostR3410_2001) {
                unsigned char signature[64];
                int idx;
-                EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
+                EVP_PKEY_CTX *pctx;
-                EVP_PKEY_verify_init(pctx);
+               
                if (i != 64) {
                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
                            SSL_R_WRONG_SIGNATURE_SIZE);
                        al = SSL_AD_DECODE_ERROR;
                        goto f_err;
                }
-                for (idx = 0; idx < 64; idx++) {
+                pctx = EVP_PKEY_CTX_new(pkey, NULL);
-                        signature[63 - idx] = p[idx];
+                if (pctx == NULL) {
+                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+                            ERR_R_INTERNAL_ERROR);
+                        al = SSL_AD_DECODE_ERROR;
+                        goto f_err;
                }
+                EVP_PKEY_verify_init(pctx);
+                for (idx = 0; idx < 64; idx++)
+                        signature[63 - idx] = p[idx];
                j = EVP_PKEY_verify(pctx, signature, 64,
                    s->s3->tmp.cert_verify_md, 32);
                EVP_PKEY_CTX_free(pctx);
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 7b29ec41c8..574910cda6 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.80 2014/08/10 14:42:56 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.81 2014/08/11 04:46:42 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -2444,17 +2444,24 @@ ssl3_get_cert_verify(SSL *s)
            pkey->type == NID_id_GostR3410_2001) {
                unsigned char signature[64];
                int idx;
-                EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
+                EVP_PKEY_CTX *pctx;
-                EVP_PKEY_verify_init(pctx);
+               
                if (i != 64) {
                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
                            SSL_R_WRONG_SIGNATURE_SIZE);
                        al = SSL_AD_DECODE_ERROR;
                        goto f_err;
                }
-                for (idx = 0; idx < 64; idx++) {
+                pctx = EVP_PKEY_CTX_new(pkey, NULL);
-                        signature[63 - idx] = p[idx];
+                if (pctx == NULL) {
+                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+                            ERR_R_INTERNAL_ERROR);
+                        al = SSL_AD_DECODE_ERROR;
+                        goto f_err;
                }
+                EVP_PKEY_verify_init(pctx);
+                for (idx = 0; idx < 64; idx++)
+                        signature[63 - idx] = p[idx];
                j = EVP_PKEY_verify(pctx, signature, 64,
                    s->s3->tmp.cert_verify_md, 32);
                EVP_PKEY_CTX_free(pctx);
author	miod <>	2014-08-11 04:46:42 +0000
committer	miod <>	2014-08-11 04:46:42 +0000
commit	59c702ecf80ecab473ca34423906355163005011 (patch)
tree	400b197d07b7b1b93d118f223dd816a19090c724 /src/lib
parent	e8fa863e4a90aae1d1c2f88d7d26e9a0bd9db0dc (diff)
download	openbsd-59c702ecf80ecab473ca34423906355163005011.tar.gz openbsd-59c702ecf80ecab473ca34423906355163005011.tar.bz2 openbsd-59c702ecf80ecab473ca34423906355163005011.zip

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 7b29ec41c8..574910cda6 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.80 2014/08/10 14:42:56 jsing Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.81 2014/08/11 04:46:42 miod Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2444,17 +2444,24 @@ ssl3_get_cert_verify(SSL *s)
2444	pkey->type == NID_id_GostR3410_2001) {	2444	pkey->type == NID_id_GostR3410_2001) {
2445	unsigned char signature[64];	2445	unsigned char signature[64];
2446	int idx;	2446	int idx;
2447	EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);	2447	EVP_PKEY_CTX *pctx;
2448	EVP_PKEY_verify_init(pctx);	2448
2449	if (i != 64) {	2449	if (i != 64) {
2450	SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,	2450	SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2451	SSL_R_WRONG_SIGNATURE_SIZE);	2451	SSL_R_WRONG_SIGNATURE_SIZE);
2452	al = SSL_AD_DECODE_ERROR;	2452	al = SSL_AD_DECODE_ERROR;
2453	goto f_err;	2453	goto f_err;
2454	}	2454	}
2455	for (idx = 0; idx < 64; idx++) {	2455	pctx = EVP_PKEY_CTX_new(pkey, NULL);
2456	signature[63 - idx] = p[idx];	2456	if (pctx == NULL) {
		2457	SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
		2458	ERR_R_INTERNAL_ERROR);
		2459	al = SSL_AD_DECODE_ERROR;
		2460	goto f_err;
2457	}	2461	}
		2462	EVP_PKEY_verify_init(pctx);
		2463	for (idx = 0; idx < 64; idx++)
		2464	signature[63 - idx] = p[idx];
2458	j = EVP_PKEY_verify(pctx, signature, 64,	2465	j = EVP_PKEY_verify(pctx, signature, 64,
2459	s->s3->tmp.cert_verify_md, 32);	2466	s->s3->tmp.cert_verify_md, 32);
2460	EVP_PKEY_CTX_free(pctx);	2467	EVP_PKEY_CTX_free(pctx);


diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index 7b29ec41c8..574910cda6 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.80 2014/08/10 14:42:56 jsing Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.81 2014/08/11 04:46:42 miod Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -2444,17 +2444,24 @@ ssl3_get_cert_verify(SSL *s)
2444	pkey->type == NID_id_GostR3410_2001) {	2444	pkey->type == NID_id_GostR3410_2001) {
2445	unsigned char signature[64];	2445	unsigned char signature[64];
2446	int idx;	2446	int idx;
2447	EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);	2447	EVP_PKEY_CTX *pctx;
2448	EVP_PKEY_verify_init(pctx);	2448
2449	if (i != 64) {	2449	if (i != 64) {
2450	SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,	2450	SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
2451	SSL_R_WRONG_SIGNATURE_SIZE);	2451	SSL_R_WRONG_SIGNATURE_SIZE);
2452	al = SSL_AD_DECODE_ERROR;	2452	al = SSL_AD_DECODE_ERROR;
2453	goto f_err;	2453	goto f_err;
2454	}	2454	}
2455	for (idx = 0; idx < 64; idx++) {	2455	pctx = EVP_PKEY_CTX_new(pkey, NULL);
2456	signature[63 - idx] = p[idx];	2456	if (pctx == NULL) {
		2457	SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
		2458	ERR_R_INTERNAL_ERROR);
		2459	al = SSL_AD_DECODE_ERROR;
		2460	goto f_err;
2457	}	2461	}
		2462	EVP_PKEY_verify_init(pctx);
		2463	for (idx = 0; idx < 64; idx++)
		2464	signature[63 - idx] = p[idx];
2458	j = EVP_PKEY_verify(pctx, signature, 64,	2465	j = EVP_PKEY_verify(pctx, signature, 64,
2459	s->s3->tmp.cert_verify_md, 32);	2466	s->s3->tmp.cert_verify_md, 32);
2460	EVP_PKEY_CTX_free(pctx);	2467	EVP_PKEY_CTX_free(pctx);