diff options
| author | miod <> | 2015-02-08 22:17:49 +0000 |
|---|---|---|
| committer | miod <> | 2015-02-08 22:17:49 +0000 |
| commit | 705f4ae838e975ff98c0985c32bc9d2b86d6b715 (patch) | |
| tree | a68379f70a40495cdcec2c96e351e4417641551e /src | |
| parent | 2179ddc2e9ec9e8527a6a060f97ba8d89787f82b (diff) | |
| download | openbsd-705f4ae838e975ff98c0985c32bc9d2b86d6b715.tar.gz openbsd-705f4ae838e975ff98c0985c32bc9d2b86d6b715.tar.bz2 openbsd-705f4ae838e975ff98c0985c32bc9d2b86d6b715.zip | |
Check memory allocation results, as well as stack pushes.
Also fix a memory leak in one of the error paths of SMIME_read_ASN1(), spotted
by doug@
tweaks&ok doug@ jsing@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/asn1/asn_mime.c | 43 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/asn1/asn_mime.c | 43 |
2 files changed, 68 insertions, 18 deletions
diff --git a/src/lib/libcrypto/asn1/asn_mime.c b/src/lib/libcrypto/asn1/asn_mime.c index afa0abd696..461ee16a4b 100644 --- a/src/lib/libcrypto/asn1/asn_mime.c +++ b/src/lib/libcrypto/asn1/asn_mime.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: asn_mime.c,v 1.23 2014/10/22 13:02:03 jsing Exp $ */ | 1 | /* $OpenBSD: asn_mime.c,v 1.24 2015/02/08 22:17:49 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project. | 3 | * project. |
| 4 | */ | 4 | */ |
| @@ -487,6 +487,7 @@ SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) | |||
| 487 | if (!(hdr = mime_hdr_find(headers, "content-type")) || | 487 | if (!(hdr = mime_hdr_find(headers, "content-type")) || |
| 488 | !hdr->value) { | 488 | !hdr->value) { |
| 489 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); | 489 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); |
| 490 | sk_BIO_pop_free(parts, BIO_vfree); | ||
| 490 | ASN1err(ASN1_F_SMIME_READ_ASN1, | 491 | ASN1err(ASN1_F_SMIME_READ_ASN1, |
| 491 | ASN1_R_NO_SIG_CONTENT_TYPE); | 492 | ASN1_R_NO_SIG_CONTENT_TYPE); |
| 492 | return NULL; | 493 | return NULL; |
| @@ -606,10 +607,10 @@ SMIME_text(BIO *in, BIO *out) | |||
| 606 | return 1; | 607 | return 1; |
| 607 | } | 608 | } |
| 608 | 609 | ||
| 609 | /* Split a multipart/XXX message body into component parts: result is | 610 | /* |
| 611 | * Split a multipart/XXX message body into component parts: result is | ||
| 610 | * canonical parts in a STACK of bios | 612 | * canonical parts in a STACK of bios |
| 611 | */ | 613 | */ |
| 612 | |||
| 613 | static int | 614 | static int |
| 614 | multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) | 615 | multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) |
| 615 | { | 616 | { |
| @@ -626,22 +627,29 @@ multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) | |||
| 626 | first = 1; | 627 | first = 1; |
| 627 | parts = sk_BIO_new_null(); | 628 | parts = sk_BIO_new_null(); |
| 628 | *ret = parts; | 629 | *ret = parts; |
| 630 | if (parts == NULL) | ||
| 631 | return 0; | ||
| 629 | while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { | 632 | while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { |
| 630 | state = mime_bound_check(linebuf, len, bound, blen); | 633 | state = mime_bound_check(linebuf, len, bound, blen); |
| 631 | if (state == 1) { | 634 | if (state == 1) { |
| 632 | first = 1; | 635 | first = 1; |
| 633 | part++; | 636 | part++; |
| 634 | } else if (state == 2) { | 637 | } else if (state == 2) { |
| 635 | sk_BIO_push(parts, bpart); | 638 | if (sk_BIO_push(parts, bpart) == 0) |
| 639 | return 0; | ||
| 636 | return 1; | 640 | return 1; |
| 637 | } else if (part) { | 641 | } else if (part) { |
| 638 | /* Strip CR+LF from linebuf */ | 642 | /* Strip CR+LF from linebuf */ |
| 639 | next_eol = strip_eol(linebuf, &len); | 643 | next_eol = strip_eol(linebuf, &len); |
| 640 | if (first) { | 644 | if (first) { |
| 641 | first = 0; | 645 | first = 0; |
| 642 | if (bpart) | 646 | if (bpart != NULL) { |
| 643 | sk_BIO_push(parts, bpart); | 647 | if (sk_BIO_push(parts, bpart) == 0) |
| 648 | return 0; | ||
| 649 | } | ||
| 644 | bpart = BIO_new(BIO_s_mem()); | 650 | bpart = BIO_new(BIO_s_mem()); |
| 651 | if (bpart == NULL) | ||
| 652 | return 0; | ||
| 645 | BIO_set_mem_eof_return(bpart, 0); | 653 | BIO_set_mem_eof_return(bpart, 0); |
| 646 | } else if (eol) | 654 | } else if (eol) |
| 647 | BIO_write(bpart, "\r\n", 2); | 655 | BIO_write(bpart, "\r\n", 2); |
| @@ -650,6 +658,7 @@ multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) | |||
| 650 | BIO_write(bpart, linebuf, len); | 658 | BIO_write(bpart, linebuf, len); |
| 651 | } | 659 | } |
| 652 | } | 660 | } |
| 661 | BIO_free(bpart); | ||
| 653 | return 0; | 662 | return 0; |
| 654 | } | 663 | } |
| 655 | 664 | ||
| @@ -709,7 +718,11 @@ STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) | |||
| 709 | *p = 0; | 718 | *p = 0; |
| 710 | mhdr = mime_hdr_new(ntmp, | 719 | mhdr = mime_hdr_new(ntmp, |
| 711 | strip_ends(q)); | 720 | strip_ends(q)); |
| 712 | sk_MIME_HEADER_push(headers, mhdr); | 721 | if (mhdr == NULL) |
| 722 | goto merr; | ||
| 723 | if (sk_MIME_HEADER_push(headers, | ||
| 724 | mhdr) == 0) | ||
| 725 | goto merr; | ||
| 713 | ntmp = NULL; | 726 | ntmp = NULL; |
| 714 | q = p + 1; | 727 | q = p + 1; |
| 715 | state = MIME_NAME; | 728 | state = MIME_NAME; |
| @@ -762,7 +775,10 @@ STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) | |||
| 762 | 775 | ||
| 763 | if (state == MIME_TYPE) { | 776 | if (state == MIME_TYPE) { |
| 764 | mhdr = mime_hdr_new(ntmp, strip_ends(q)); | 777 | mhdr = mime_hdr_new(ntmp, strip_ends(q)); |
| 765 | sk_MIME_HEADER_push(headers, mhdr); | 778 | if (mhdr == NULL) |
| 779 | goto merr; | ||
| 780 | if (sk_MIME_HEADER_push(headers, mhdr) == 0) | ||
| 781 | goto merr; | ||
| 766 | } else if (state == MIME_VALUE) | 782 | } else if (state == MIME_VALUE) |
| 767 | mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); | 783 | mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); |
| 768 | 784 | ||
| @@ -771,6 +787,12 @@ STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) | |||
| 771 | } | 787 | } |
| 772 | 788 | ||
| 773 | return headers; | 789 | return headers; |
| 790 | |||
| 791 | merr: | ||
| 792 | if (mhdr != NULL) | ||
| 793 | mime_hdr_free(mhdr); | ||
| 794 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); | ||
| 795 | return NULL; | ||
| 774 | } | 796 | } |
| 775 | 797 | ||
| 776 | static char * | 798 | static char * |
| @@ -884,7 +906,10 @@ mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) | |||
| 884 | goto err; | 906 | goto err; |
| 885 | mparam->param_name = tmpname; | 907 | mparam->param_name = tmpname; |
| 886 | mparam->param_value = tmpval; | 908 | mparam->param_value = tmpval; |
| 887 | sk_MIME_PARAM_push(mhdr->params, mparam); | 909 | if (sk_MIME_PARAM_push(mhdr->params, mparam) == 0) { |
| 910 | free(mparam); | ||
| 911 | goto err; | ||
| 912 | } | ||
| 888 | return 1; | 913 | return 1; |
| 889 | err: | 914 | err: |
| 890 | free(tmpname); | 915 | free(tmpname); |
diff --git a/src/lib/libssl/src/crypto/asn1/asn_mime.c b/src/lib/libssl/src/crypto/asn1/asn_mime.c index afa0abd696..461ee16a4b 100644 --- a/src/lib/libssl/src/crypto/asn1/asn_mime.c +++ b/src/lib/libssl/src/crypto/asn1/asn_mime.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: asn_mime.c,v 1.23 2014/10/22 13:02:03 jsing Exp $ */ | 1 | /* $OpenBSD: asn_mime.c,v 1.24 2015/02/08 22:17:49 miod Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project. | 3 | * project. |
| 4 | */ | 4 | */ |
| @@ -487,6 +487,7 @@ SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) | |||
| 487 | if (!(hdr = mime_hdr_find(headers, "content-type")) || | 487 | if (!(hdr = mime_hdr_find(headers, "content-type")) || |
| 488 | !hdr->value) { | 488 | !hdr->value) { |
| 489 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); | 489 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); |
| 490 | sk_BIO_pop_free(parts, BIO_vfree); | ||
| 490 | ASN1err(ASN1_F_SMIME_READ_ASN1, | 491 | ASN1err(ASN1_F_SMIME_READ_ASN1, |
| 491 | ASN1_R_NO_SIG_CONTENT_TYPE); | 492 | ASN1_R_NO_SIG_CONTENT_TYPE); |
| 492 | return NULL; | 493 | return NULL; |
| @@ -606,10 +607,10 @@ SMIME_text(BIO *in, BIO *out) | |||
| 606 | return 1; | 607 | return 1; |
| 607 | } | 608 | } |
| 608 | 609 | ||
| 609 | /* Split a multipart/XXX message body into component parts: result is | 610 | /* |
| 611 | * Split a multipart/XXX message body into component parts: result is | ||
| 610 | * canonical parts in a STACK of bios | 612 | * canonical parts in a STACK of bios |
| 611 | */ | 613 | */ |
| 612 | |||
| 613 | static int | 614 | static int |
| 614 | multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) | 615 | multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) |
| 615 | { | 616 | { |
| @@ -626,22 +627,29 @@ multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) | |||
| 626 | first = 1; | 627 | first = 1; |
| 627 | parts = sk_BIO_new_null(); | 628 | parts = sk_BIO_new_null(); |
| 628 | *ret = parts; | 629 | *ret = parts; |
| 630 | if (parts == NULL) | ||
| 631 | return 0; | ||
| 629 | while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { | 632 | while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { |
| 630 | state = mime_bound_check(linebuf, len, bound, blen); | 633 | state = mime_bound_check(linebuf, len, bound, blen); |
| 631 | if (state == 1) { | 634 | if (state == 1) { |
| 632 | first = 1; | 635 | first = 1; |
| 633 | part++; | 636 | part++; |
| 634 | } else if (state == 2) { | 637 | } else if (state == 2) { |
| 635 | sk_BIO_push(parts, bpart); | 638 | if (sk_BIO_push(parts, bpart) == 0) |
| 639 | return 0; | ||
| 636 | return 1; | 640 | return 1; |
| 637 | } else if (part) { | 641 | } else if (part) { |
| 638 | /* Strip CR+LF from linebuf */ | 642 | /* Strip CR+LF from linebuf */ |
| 639 | next_eol = strip_eol(linebuf, &len); | 643 | next_eol = strip_eol(linebuf, &len); |
| 640 | if (first) { | 644 | if (first) { |
| 641 | first = 0; | 645 | first = 0; |
| 642 | if (bpart) | 646 | if (bpart != NULL) { |
| 643 | sk_BIO_push(parts, bpart); | 647 | if (sk_BIO_push(parts, bpart) == 0) |
| 648 | return 0; | ||
| 649 | } | ||
| 644 | bpart = BIO_new(BIO_s_mem()); | 650 | bpart = BIO_new(BIO_s_mem()); |
| 651 | if (bpart == NULL) | ||
| 652 | return 0; | ||
| 645 | BIO_set_mem_eof_return(bpart, 0); | 653 | BIO_set_mem_eof_return(bpart, 0); |
| 646 | } else if (eol) | 654 | } else if (eol) |
| 647 | BIO_write(bpart, "\r\n", 2); | 655 | BIO_write(bpart, "\r\n", 2); |
| @@ -650,6 +658,7 @@ multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) | |||
| 650 | BIO_write(bpart, linebuf, len); | 658 | BIO_write(bpart, linebuf, len); |
| 651 | } | 659 | } |
| 652 | } | 660 | } |
| 661 | BIO_free(bpart); | ||
| 653 | return 0; | 662 | return 0; |
| 654 | } | 663 | } |
| 655 | 664 | ||
| @@ -709,7 +718,11 @@ STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) | |||
| 709 | *p = 0; | 718 | *p = 0; |
| 710 | mhdr = mime_hdr_new(ntmp, | 719 | mhdr = mime_hdr_new(ntmp, |
| 711 | strip_ends(q)); | 720 | strip_ends(q)); |
| 712 | sk_MIME_HEADER_push(headers, mhdr); | 721 | if (mhdr == NULL) |
| 722 | goto merr; | ||
| 723 | if (sk_MIME_HEADER_push(headers, | ||
| 724 | mhdr) == 0) | ||
| 725 | goto merr; | ||
| 713 | ntmp = NULL; | 726 | ntmp = NULL; |
| 714 | q = p + 1; | 727 | q = p + 1; |
| 715 | state = MIME_NAME; | 728 | state = MIME_NAME; |
| @@ -762,7 +775,10 @@ STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) | |||
| 762 | 775 | ||
| 763 | if (state == MIME_TYPE) { | 776 | if (state == MIME_TYPE) { |
| 764 | mhdr = mime_hdr_new(ntmp, strip_ends(q)); | 777 | mhdr = mime_hdr_new(ntmp, strip_ends(q)); |
| 765 | sk_MIME_HEADER_push(headers, mhdr); | 778 | if (mhdr == NULL) |
| 779 | goto merr; | ||
| 780 | if (sk_MIME_HEADER_push(headers, mhdr) == 0) | ||
| 781 | goto merr; | ||
| 766 | } else if (state == MIME_VALUE) | 782 | } else if (state == MIME_VALUE) |
| 767 | mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); | 783 | mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); |
| 768 | 784 | ||
| @@ -771,6 +787,12 @@ STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) | |||
| 771 | } | 787 | } |
| 772 | 788 | ||
| 773 | return headers; | 789 | return headers; |
| 790 | |||
| 791 | merr: | ||
| 792 | if (mhdr != NULL) | ||
| 793 | mime_hdr_free(mhdr); | ||
| 794 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); | ||
| 795 | return NULL; | ||
| 774 | } | 796 | } |
| 775 | 797 | ||
| 776 | static char * | 798 | static char * |
| @@ -884,7 +906,10 @@ mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) | |||
| 884 | goto err; | 906 | goto err; |
| 885 | mparam->param_name = tmpname; | 907 | mparam->param_name = tmpname; |
| 886 | mparam->param_value = tmpval; | 908 | mparam->param_value = tmpval; |
| 887 | sk_MIME_PARAM_push(mhdr->params, mparam); | 909 | if (sk_MIME_PARAM_push(mhdr->params, mparam) == 0) { |
| 910 | free(mparam); | ||
| 911 | goto err; | ||
| 912 | } | ||
| 888 | return 1; | 913 | return 1; |
| 889 | err: | 914 | err: |
| 890 | free(tmpname); | 915 | free(tmpname); |