Fix a double free in a can't-fail error path in PKCS7_decrypt(), by removing

the error path altogether and simplifying the local variables as a result. joint work with jsing@; ok jsing@ tedu@
author: miod <> 2014-07-10 21:40:59 +0000
committer: miod <> 2014-07-10 21:40:59 +0000
commit: c99ec4c1c37261359267882a1c4fc78b3022a6b6 (patch)
tree: 6aa39ccd3cabdc1887e9f7cd7c39fd94dbf3832e /src
parent: a8df8788ad3c4dfac45f2fbbbfd96d6cfc73f39a (diff)
download: openbsd-c99ec4c1c37261359267882a1c4fc78b3022a6b6.tar.gz
openbsd-c99ec4c1c37261359267882a1c4fc78b3022a6b6.tar.bz2
openbsd-c99ec4c1c37261359267882a1c4fc78b3022a6b6.zip
2 files changed, 12 insertions, 20 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
index 5d174f7644..01734bdd1b 100644
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_smime.c,v 1.15 2014/06/29 17:05:36 jsing Exp $ */
+/* $OpenBSD: pk7_smime.c,v 1.16 2014/07/10 21:40:59 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -551,25 +551,21 @@ PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
        }
        if (flags & PKCS7_TEXT) {
-                BIO *tmpbuf, *bread;
+                BIO *tmpbuf;
                /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
                if (!(tmpbuf = BIO_new(BIO_f_buffer()))) {
                        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
                        BIO_free_all(tmpmem);
                        return 0;
                }
-                if (!(bread = BIO_push(tmpbuf, tmpmem))) {
+                BIO_push(tmpbuf, tmpmem);
-                        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+                ret = SMIME_text(tmpbuf, data);
-                        BIO_free_all(tmpbuf);
-                        BIO_free_all(tmpmem);
-                        return 0;
-                }
-                ret = SMIME_text(bread, data);
                if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
                        if (!BIO_get_cipher_status(tmpmem))
                                ret = 0;
                }
-                BIO_free_all(bread);
+                BIO_free_all(tmpbuf);
                return ret;
        } else {
                for (;;) {
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
index 5d174f7644..01734bdd1b 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pk7_smime.c,v 1.15 2014/06/29 17:05:36 jsing Exp $ */
+/* $OpenBSD: pk7_smime.c,v 1.16 2014/07/10 21:40:59 miod Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -551,25 +551,21 @@ PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
        }
        if (flags & PKCS7_TEXT) {
-                BIO *tmpbuf, *bread;
+                BIO *tmpbuf;
                /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
                if (!(tmpbuf = BIO_new(BIO_f_buffer()))) {
                        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
                        BIO_free_all(tmpmem);
                        return 0;
                }
-                if (!(bread = BIO_push(tmpbuf, tmpmem))) {
+                BIO_push(tmpbuf, tmpmem);
-                        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+                ret = SMIME_text(tmpbuf, data);
-                        BIO_free_all(tmpbuf);
-                        BIO_free_all(tmpmem);
-                        return 0;
-                }
-                ret = SMIME_text(bread, data);
                if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
                        if (!BIO_get_cipher_status(tmpmem))
                                ret = 0;
                }
-                BIO_free_all(bread);
+                BIO_free_all(tmpbuf);
                return ret;
        } else {
                for (;;) {
author	miod <>	2014-07-10 21:40:59 +0000
committer	miod <>	2014-07-10 21:40:59 +0000
commit	c99ec4c1c37261359267882a1c4fc78b3022a6b6 (patch)
tree	6aa39ccd3cabdc1887e9f7cd7c39fd94dbf3832e /src
parent	a8df8788ad3c4dfac45f2fbbbfd96d6cfc73f39a (diff)
download	openbsd-c99ec4c1c37261359267882a1c4fc78b3022a6b6.tar.gz openbsd-c99ec4c1c37261359267882a1c4fc78b3022a6b6.tar.bz2 openbsd-c99ec4c1c37261359267882a1c4fc78b3022a6b6.zip