diff options
| author | miod <> | 2014-07-10 11:20:49 +0000 |
|---|---|---|
| committer | miod <> | 2014-07-10 11:20:49 +0000 |
| commit | 61a4bd4a18867aecea2b5f0da267ba17f1f102ea (patch) | |
| tree | 8b51a7da275d660326953bd9aba370561656a223 /src | |
| parent | 54142669ecd1df96a963490af716e9fb0b6558bf (diff) | |
| download | openbsd-61a4bd4a18867aecea2b5f0da267ba17f1f102ea.tar.gz openbsd-61a4bd4a18867aecea2b5f0da267ba17f1f102ea.tar.bz2 openbsd-61a4bd4a18867aecea2b5f0da267ba17f1f102ea.zip | |
Missing allocation checks and potential NULL pointer dereference in the
error path in PEM_X509_INFO_read_bio(); ok guenther@ jsing@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/pem/pem_info.c | 22 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/pem/pem_info.c | 22 |
2 files changed, 30 insertions, 14 deletions
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c index 5949b42898..62e2d4853f 100644 --- a/src/lib/libcrypto/pem/pem_info.c +++ b/src/lib/libcrypto/pem/pem_info.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pem_info.c,v 1.15 2014/06/12 15:49:30 deraadt Exp $ */ | 1 | /* $OpenBSD: pem_info.c,v 1.16 2014/07/10 11:20:49 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -106,7 +106,7 @@ PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, | |||
| 106 | if ((ret = sk_X509_INFO_new_null()) == NULL) { | 106 | if ((ret = sk_X509_INFO_new_null()) == NULL) { |
| 107 | PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, | 107 | PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, |
| 108 | ERR_R_MALLOC_FAILURE); | 108 | ERR_R_MALLOC_FAILURE); |
| 109 | goto err; | 109 | return 0; |
| 110 | } | 110 | } |
| 111 | } else | 111 | } else |
| 112 | ret = sk; | 112 | ret = sk; |
| @@ -173,9 +173,11 @@ start: | |||
| 173 | xi->enc_len = 0; | 173 | xi->enc_len = 0; |
| 174 | 174 | ||
| 175 | xi->x_pkey = X509_PKEY_new(); | 175 | xi->x_pkey = X509_PKEY_new(); |
| 176 | if (xi->x_pkey == NULL) | ||
| 177 | goto err; | ||
| 176 | ptype = EVP_PKEY_RSA; | 178 | ptype = EVP_PKEY_RSA; |
| 177 | pp = &xi->x_pkey->dec_pkey; | 179 | pp = &xi->x_pkey->dec_pkey; |
| 178 | if ((int)strlen(header) > 10) /* assume encrypted */ | 180 | if (strlen(header) > 10) /* assume encrypted */ |
| 179 | raw = 1; | 181 | raw = 1; |
| 180 | } else | 182 | } else |
| 181 | #endif | 183 | #endif |
| @@ -194,9 +196,11 @@ start: | |||
| 194 | xi->enc_len = 0; | 196 | xi->enc_len = 0; |
| 195 | 197 | ||
| 196 | xi->x_pkey = X509_PKEY_new(); | 198 | xi->x_pkey = X509_PKEY_new(); |
| 199 | if (xi->x_pkey == NULL) | ||
| 200 | goto err; | ||
| 197 | ptype = EVP_PKEY_DSA; | 201 | ptype = EVP_PKEY_DSA; |
| 198 | pp = &xi->x_pkey->dec_pkey; | 202 | pp = &xi->x_pkey->dec_pkey; |
| 199 | if ((int)strlen(header) > 10) /* assume encrypted */ | 203 | if (strlen(header) > 10) /* assume encrypted */ |
| 200 | raw = 1; | 204 | raw = 1; |
| 201 | } else | 205 | } else |
| 202 | #endif | 206 | #endif |
| @@ -215,9 +219,11 @@ start: | |||
| 215 | xi->enc_len = 0; | 219 | xi->enc_len = 0; |
| 216 | 220 | ||
| 217 | xi->x_pkey = X509_PKEY_new(); | 221 | xi->x_pkey = X509_PKEY_new(); |
| 222 | if (xi->x_pkey == NULL) | ||
| 223 | goto err; | ||
| 218 | ptype = EVP_PKEY_EC; | 224 | ptype = EVP_PKEY_EC; |
| 219 | pp = &xi->x_pkey->dec_pkey; | 225 | pp = &xi->x_pkey->dec_pkey; |
| 220 | if ((int)strlen(header) > 10) /* assume encrypted */ | 226 | if (strlen(header) > 10) /* assume encrypted */ |
| 221 | raw = 1; | 227 | raw = 1; |
| 222 | } else | 228 | } else |
| 223 | #endif | 229 | #endif |
| @@ -238,11 +244,13 @@ start: | |||
| 238 | if (ptype) { | 244 | if (ptype) { |
| 239 | if (!d2i_PrivateKey(ptype, pp, &p, | 245 | if (!d2i_PrivateKey(ptype, pp, &p, |
| 240 | len)) { | 246 | len)) { |
| 241 | PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB); | 247 | PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, |
| 248 | ERR_R_ASN1_LIB); | ||
| 242 | goto err; | 249 | goto err; |
| 243 | } | 250 | } |
| 244 | } else if (d2i(pp, &p, len) == NULL) { | 251 | } else if (d2i(pp, &p, len) == NULL) { |
| 245 | PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB); | 252 | PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, |
| 253 | ERR_R_ASN1_LIB); | ||
| 246 | goto err; | 254 | goto err; |
| 247 | } | 255 | } |
| 248 | } else { /* encrypted RSA data */ | 256 | } else { /* encrypted RSA data */ |
diff --git a/src/lib/libssl/src/crypto/pem/pem_info.c b/src/lib/libssl/src/crypto/pem/pem_info.c index 5949b42898..62e2d4853f 100644 --- a/src/lib/libssl/src/crypto/pem/pem_info.c +++ b/src/lib/libssl/src/crypto/pem/pem_info.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: pem_info.c,v 1.15 2014/06/12 15:49:30 deraadt Exp $ */ | 1 | /* $OpenBSD: pem_info.c,v 1.16 2014/07/10 11:20:49 miod Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -106,7 +106,7 @@ PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, | |||
| 106 | if ((ret = sk_X509_INFO_new_null()) == NULL) { | 106 | if ((ret = sk_X509_INFO_new_null()) == NULL) { |
| 107 | PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, | 107 | PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, |
| 108 | ERR_R_MALLOC_FAILURE); | 108 | ERR_R_MALLOC_FAILURE); |
| 109 | goto err; | 109 | return 0; |
| 110 | } | 110 | } |
| 111 | } else | 111 | } else |
| 112 | ret = sk; | 112 | ret = sk; |
| @@ -173,9 +173,11 @@ start: | |||
| 173 | xi->enc_len = 0; | 173 | xi->enc_len = 0; |
| 174 | 174 | ||
| 175 | xi->x_pkey = X509_PKEY_new(); | 175 | xi->x_pkey = X509_PKEY_new(); |
| 176 | if (xi->x_pkey == NULL) | ||
| 177 | goto err; | ||
| 176 | ptype = EVP_PKEY_RSA; | 178 | ptype = EVP_PKEY_RSA; |
| 177 | pp = &xi->x_pkey->dec_pkey; | 179 | pp = &xi->x_pkey->dec_pkey; |
| 178 | if ((int)strlen(header) > 10) /* assume encrypted */ | 180 | if (strlen(header) > 10) /* assume encrypted */ |
| 179 | raw = 1; | 181 | raw = 1; |
| 180 | } else | 182 | } else |
| 181 | #endif | 183 | #endif |
| @@ -194,9 +196,11 @@ start: | |||
| 194 | xi->enc_len = 0; | 196 | xi->enc_len = 0; |
| 195 | 197 | ||
| 196 | xi->x_pkey = X509_PKEY_new(); | 198 | xi->x_pkey = X509_PKEY_new(); |
| 199 | if (xi->x_pkey == NULL) | ||
| 200 | goto err; | ||
| 197 | ptype = EVP_PKEY_DSA; | 201 | ptype = EVP_PKEY_DSA; |
| 198 | pp = &xi->x_pkey->dec_pkey; | 202 | pp = &xi->x_pkey->dec_pkey; |
| 199 | if ((int)strlen(header) > 10) /* assume encrypted */ | 203 | if (strlen(header) > 10) /* assume encrypted */ |
| 200 | raw = 1; | 204 | raw = 1; |
| 201 | } else | 205 | } else |
| 202 | #endif | 206 | #endif |
| @@ -215,9 +219,11 @@ start: | |||
| 215 | xi->enc_len = 0; | 219 | xi->enc_len = 0; |
| 216 | 220 | ||
| 217 | xi->x_pkey = X509_PKEY_new(); | 221 | xi->x_pkey = X509_PKEY_new(); |
| 222 | if (xi->x_pkey == NULL) | ||
| 223 | goto err; | ||
| 218 | ptype = EVP_PKEY_EC; | 224 | ptype = EVP_PKEY_EC; |
| 219 | pp = &xi->x_pkey->dec_pkey; | 225 | pp = &xi->x_pkey->dec_pkey; |
| 220 | if ((int)strlen(header) > 10) /* assume encrypted */ | 226 | if (strlen(header) > 10) /* assume encrypted */ |
| 221 | raw = 1; | 227 | raw = 1; |
| 222 | } else | 228 | } else |
| 223 | #endif | 229 | #endif |
| @@ -238,11 +244,13 @@ start: | |||
| 238 | if (ptype) { | 244 | if (ptype) { |
| 239 | if (!d2i_PrivateKey(ptype, pp, &p, | 245 | if (!d2i_PrivateKey(ptype, pp, &p, |
| 240 | len)) { | 246 | len)) { |
| 241 | PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB); | 247 | PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, |
| 248 | ERR_R_ASN1_LIB); | ||
| 242 | goto err; | 249 | goto err; |
| 243 | } | 250 | } |
| 244 | } else if (d2i(pp, &p, len) == NULL) { | 251 | } else if (d2i(pp, &p, len) == NULL) { |
| 245 | PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB); | 252 | PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, |
| 253 | ERR_R_ASN1_LIB); | ||
| 246 | goto err; | 254 | goto err; |
| 247 | } | 255 | } |
| 248 | } else { /* encrypted RSA data */ | 256 | } else { /* encrypted RSA data */ |