diff options
| author | miod <> | 2014-10-05 18:33:57 +0000 |
|---|---|---|
| committer | miod <> | 2014-10-05 18:33:57 +0000 |
| commit | 49188c3cbd6d5b685ae672d1413d71756fcfe5ae (patch) | |
| tree | df8d62c552e6e0a96c09d51f0420954c0bbad6ec /src | |
| parent | 3a13a528b3c202483ccdd9d0a1bb30b5bb590858 (diff) | |
| download | openbsd-49188c3cbd6d5b685ae672d1413d71756fcfe5ae.tar.gz openbsd-49188c3cbd6d5b685ae672d1413d71756fcfe5ae.tar.bz2 openbsd-49188c3cbd6d5b685ae672d1413d71756fcfe5ae.zip | |
The fixes to X509_PURPOSE_add() in r1.18 actually could cause a global
X509_PURPOSE object (obtained with X509_PURPOSE_get0() instead of being
allocated in the function) to be freed if modifying that object would fail
due to a low memory condition, while this object would still be referenced
elsewhere.
Fix this by only cleaning the object if we did not allocate it here.
While there, fail early if either `name' or `sname' are NULL, rather than
allocating an object and realizing we have nothing to strdup() into it.
ok guenther@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/x509v3/v3_purp.c | 56 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/x509v3/v3_purp.c | 56 |
2 files changed, 58 insertions, 54 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c index b8db8d69a2..1a073e368e 100644 --- a/src/lib/libcrypto/x509v3/v3_purp.c +++ b/src/lib/libcrypto/x509v3/v3_purp.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: v3_purp.c,v 1.22 2014/07/13 16:03:10 beck Exp $ */ | 1 | /* $OpenBSD: v3_purp.c,v 1.23 2014/10/05 18:33:57 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2001. | 3 | * project 2001. |
| 4 | */ | 4 | */ |
| @@ -204,6 +204,12 @@ X509_PURPOSE_add(int id, int trust, int flags, | |||
| 204 | int idx; | 204 | int idx; |
| 205 | X509_PURPOSE *ptmp; | 205 | X509_PURPOSE *ptmp; |
| 206 | 206 | ||
| 207 | if (name == NULL || sname == NULL) { | ||
| 208 | X509V3err(X509V3_F_X509_PURPOSE_ADD, | ||
| 209 | X509V3_R_INVALID_NULL_ARGUMENT); | ||
| 210 | return 0; | ||
| 211 | } | ||
| 212 | |||
| 207 | /* This is set according to what we change: application can't set it */ | 213 | /* This is set according to what we change: application can't set it */ |
| 208 | flags &= ~X509_PURPOSE_DYNAMIC; | 214 | flags &= ~X509_PURPOSE_DYNAMIC; |
| 209 | /* This will always be set for application modified trust entries */ | 215 | /* This will always be set for application modified trust entries */ |
| @@ -212,7 +218,7 @@ X509_PURPOSE_add(int id, int trust, int flags, | |||
| 212 | idx = X509_PURPOSE_get_by_id(id); | 218 | idx = X509_PURPOSE_get_by_id(id); |
| 213 | /* Need a new entry */ | 219 | /* Need a new entry */ |
| 214 | if (idx == -1) { | 220 | if (idx == -1) { |
| 215 | if (!(ptmp = malloc(sizeof(X509_PURPOSE)))) { | 221 | if ((ptmp = malloc(sizeof(X509_PURPOSE))) == NULL) { |
| 216 | X509V3err(X509V3_F_X509_PURPOSE_ADD, | 222 | X509V3err(X509V3_F_X509_PURPOSE_ADD, |
| 217 | ERR_R_MALLOC_FAILURE); | 223 | ERR_R_MALLOC_FAILURE); |
| 218 | return 0; | 224 | return 0; |
| @@ -227,15 +233,10 @@ X509_PURPOSE_add(int id, int trust, int flags, | |||
| 227 | free(ptmp->sname); | 233 | free(ptmp->sname); |
| 228 | } | 234 | } |
| 229 | /* dup supplied name */ | 235 | /* dup supplied name */ |
| 230 | ptmp->name = name ? strdup(name) : NULL; | 236 | ptmp->name = strdup(name); |
| 231 | ptmp->sname = sname ? strdup(sname) : NULL; | 237 | ptmp->sname = strdup(sname); |
| 232 | if (!ptmp->name || !ptmp->sname) { | 238 | if (ptmp->name == NULL || ptmp->sname == NULL) |
| 233 | free(ptmp->name); | 239 | goto err; |
| 234 | free(ptmp->sname); | ||
| 235 | free(ptmp); | ||
| 236 | X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); | ||
| 237 | return 0; | ||
| 238 | } | ||
| 239 | /* Keep the dynamic flag of existing entry */ | 240 | /* Keep the dynamic flag of existing entry */ |
| 240 | ptmp->flags &= X509_PURPOSE_DYNAMIC; | 241 | ptmp->flags &= X509_PURPOSE_DYNAMIC; |
| 241 | /* Set all other flags */ | 242 | /* Set all other flags */ |
| @@ -248,24 +249,25 @@ X509_PURPOSE_add(int id, int trust, int flags, | |||
| 248 | 249 | ||
| 249 | /* If its a new entry manage the dynamic table */ | 250 | /* If its a new entry manage the dynamic table */ |
| 250 | if (idx == -1) { | 251 | if (idx == -1) { |
| 251 | if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { | 252 | if (xptable == NULL && |
| 252 | free(ptmp->name); | 253 | (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) |
| 253 | free(ptmp->sname); | 254 | goto err; |
| 254 | free(ptmp); | 255 | if (sk_X509_PURPOSE_push(xptable, ptmp) == 0) |
| 255 | X509V3err(X509V3_F_X509_PURPOSE_ADD, | 256 | goto err; |
| 256 | ERR_R_MALLOC_FAILURE); | ||
| 257 | return 0; | ||
| 258 | } | ||
| 259 | if (!sk_X509_PURPOSE_push(xptable, ptmp)) { | ||
| 260 | free(ptmp->name); | ||
| 261 | free(ptmp->sname); | ||
| 262 | free(ptmp); | ||
| 263 | X509V3err(X509V3_F_X509_PURPOSE_ADD, | ||
| 264 | ERR_R_MALLOC_FAILURE); | ||
| 265 | return 0; | ||
| 266 | } | ||
| 267 | } | 257 | } |
| 268 | return 1; | 258 | return 1; |
| 259 | |||
| 260 | err: | ||
| 261 | free(ptmp->name); | ||
| 262 | free(ptmp->sname); | ||
| 263 | if (idx == -1) | ||
| 264 | free(ptmp); | ||
| 265 | else { | ||
| 266 | ptmp->name = NULL; | ||
| 267 | ptmp->sname = NULL; | ||
| 268 | } | ||
| 269 | X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); | ||
| 270 | return 0; | ||
| 269 | } | 271 | } |
| 270 | 272 | ||
| 271 | static void | 273 | static void |
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_purp.c b/src/lib/libssl/src/crypto/x509v3/v3_purp.c index b8db8d69a2..1a073e368e 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_purp.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_purp.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: v3_purp.c,v 1.22 2014/07/13 16:03:10 beck Exp $ */ | 1 | /* $OpenBSD: v3_purp.c,v 1.23 2014/10/05 18:33:57 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2001. | 3 | * project 2001. |
| 4 | */ | 4 | */ |
| @@ -204,6 +204,12 @@ X509_PURPOSE_add(int id, int trust, int flags, | |||
| 204 | int idx; | 204 | int idx; |
| 205 | X509_PURPOSE *ptmp; | 205 | X509_PURPOSE *ptmp; |
| 206 | 206 | ||
| 207 | if (name == NULL || sname == NULL) { | ||
| 208 | X509V3err(X509V3_F_X509_PURPOSE_ADD, | ||
| 209 | X509V3_R_INVALID_NULL_ARGUMENT); | ||
| 210 | return 0; | ||
| 211 | } | ||
| 212 | |||
| 207 | /* This is set according to what we change: application can't set it */ | 213 | /* This is set according to what we change: application can't set it */ |
| 208 | flags &= ~X509_PURPOSE_DYNAMIC; | 214 | flags &= ~X509_PURPOSE_DYNAMIC; |
| 209 | /* This will always be set for application modified trust entries */ | 215 | /* This will always be set for application modified trust entries */ |
| @@ -212,7 +218,7 @@ X509_PURPOSE_add(int id, int trust, int flags, | |||
| 212 | idx = X509_PURPOSE_get_by_id(id); | 218 | idx = X509_PURPOSE_get_by_id(id); |
| 213 | /* Need a new entry */ | 219 | /* Need a new entry */ |
| 214 | if (idx == -1) { | 220 | if (idx == -1) { |
| 215 | if (!(ptmp = malloc(sizeof(X509_PURPOSE)))) { | 221 | if ((ptmp = malloc(sizeof(X509_PURPOSE))) == NULL) { |
| 216 | X509V3err(X509V3_F_X509_PURPOSE_ADD, | 222 | X509V3err(X509V3_F_X509_PURPOSE_ADD, |
| 217 | ERR_R_MALLOC_FAILURE); | 223 | ERR_R_MALLOC_FAILURE); |
| 218 | return 0; | 224 | return 0; |
| @@ -227,15 +233,10 @@ X509_PURPOSE_add(int id, int trust, int flags, | |||
| 227 | free(ptmp->sname); | 233 | free(ptmp->sname); |
| 228 | } | 234 | } |
| 229 | /* dup supplied name */ | 235 | /* dup supplied name */ |
| 230 | ptmp->name = name ? strdup(name) : NULL; | 236 | ptmp->name = strdup(name); |
| 231 | ptmp->sname = sname ? strdup(sname) : NULL; | 237 | ptmp->sname = strdup(sname); |
| 232 | if (!ptmp->name || !ptmp->sname) { | 238 | if (ptmp->name == NULL || ptmp->sname == NULL) |
| 233 | free(ptmp->name); | 239 | goto err; |
| 234 | free(ptmp->sname); | ||
| 235 | free(ptmp); | ||
| 236 | X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); | ||
| 237 | return 0; | ||
| 238 | } | ||
| 239 | /* Keep the dynamic flag of existing entry */ | 240 | /* Keep the dynamic flag of existing entry */ |
| 240 | ptmp->flags &= X509_PURPOSE_DYNAMIC; | 241 | ptmp->flags &= X509_PURPOSE_DYNAMIC; |
| 241 | /* Set all other flags */ | 242 | /* Set all other flags */ |
| @@ -248,24 +249,25 @@ X509_PURPOSE_add(int id, int trust, int flags, | |||
| 248 | 249 | ||
| 249 | /* If its a new entry manage the dynamic table */ | 250 | /* If its a new entry manage the dynamic table */ |
| 250 | if (idx == -1) { | 251 | if (idx == -1) { |
| 251 | if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { | 252 | if (xptable == NULL && |
| 252 | free(ptmp->name); | 253 | (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) |
| 253 | free(ptmp->sname); | 254 | goto err; |
| 254 | free(ptmp); | 255 | if (sk_X509_PURPOSE_push(xptable, ptmp) == 0) |
| 255 | X509V3err(X509V3_F_X509_PURPOSE_ADD, | 256 | goto err; |
| 256 | ERR_R_MALLOC_FAILURE); | ||
| 257 | return 0; | ||
| 258 | } | ||
| 259 | if (!sk_X509_PURPOSE_push(xptable, ptmp)) { | ||
| 260 | free(ptmp->name); | ||
| 261 | free(ptmp->sname); | ||
| 262 | free(ptmp); | ||
| 263 | X509V3err(X509V3_F_X509_PURPOSE_ADD, | ||
| 264 | ERR_R_MALLOC_FAILURE); | ||
| 265 | return 0; | ||
| 266 | } | ||
| 267 | } | 257 | } |
| 268 | return 1; | 258 | return 1; |
| 259 | |||
| 260 | err: | ||
| 261 | free(ptmp->name); | ||
| 262 | free(ptmp->sname); | ||
| 263 | if (idx == -1) | ||
| 264 | free(ptmp); | ||
| 265 | else { | ||
| 266 | ptmp->name = NULL; | ||
| 267 | ptmp->sname = NULL; | ||
| 268 | } | ||
| 269 | X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); | ||
| 270 | return 0; | ||
| 269 | } | 271 | } |
| 270 | 272 | ||
| 271 | static void | 273 | static void |