From 6f4d6461c56d882eecea37a2948d1ed154d1e4f4 Mon Sep 17 00:00:00 2001 From: beck <> Date: Sat, 18 Jul 2015 00:01:05 +0000 Subject: Fix leak found by coverity, issue 78897 - which also brough to light that the child counting was broken in the original code. this is still fugly, but this preserves all the existing goo. ok doug@ --- src/lib/libcrypto/x509v3/pcy_int.h | 6 ++--- src/lib/libcrypto/x509v3/pcy_node.c | 36 ++++++++++++++++++----------- src/lib/libcrypto/x509v3/pcy_tree.c | 16 ++++++------- src/lib/libssl/src/crypto/x509v3/pcy_int.h | 6 ++--- src/lib/libssl/src/crypto/x509v3/pcy_node.c | 36 ++++++++++++++++++----------- src/lib/libssl/src/crypto/x509v3/pcy_tree.c | 16 ++++++------- 6 files changed, 66 insertions(+), 50 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libcrypto/x509v3/pcy_int.h b/src/lib/libcrypto/x509v3/pcy_int.h index 3f8a8316e2..50ed7cbfcf 100644 --- a/src/lib/libcrypto/x509v3/pcy_int.h +++ b/src/lib/libcrypto/x509v3/pcy_int.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pcy_int.h,v 1.3 2014/06/12 15:49:31 deraadt Exp $ */ +/* $OpenBSD: pcy_int.h,v 1.4 2015/07/18 00:01:05 beck Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -196,9 +196,9 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, const ASN1_OBJECT *id); -X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, +int level_add_node(X509_POLICY_LEVEL *level, const X509_POLICY_DATA *data, X509_POLICY_NODE *parent, - X509_POLICY_TREE *tree); + X509_POLICY_TREE *tree, X509_POLICY_NODE **nodep); void policy_node_free(X509_POLICY_NODE *node); int policy_node_match(const X509_POLICY_LEVEL *lvl, const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); diff --git a/src/lib/libcrypto/x509v3/pcy_node.c b/src/lib/libcrypto/x509v3/pcy_node.c index 839113ea2f..ba22b267bf 100644 --- a/src/lib/libcrypto/x509v3/pcy_node.c +++ b/src/lib/libcrypto/x509v3/pcy_node.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pcy_node.c,v 1.5 2014/07/23 20:49:52 miod Exp $ */ +/* $OpenBSD: pcy_node.c,v 1.6 2015/07/18 00:01:05 beck Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -107,23 +107,26 @@ level_find_node(const X509_POLICY_LEVEL *level, const X509_POLICY_NODE *parent, return NULL; } -X509_POLICY_NODE * + +int level_add_node(X509_POLICY_LEVEL *level, const X509_POLICY_DATA *data, - X509_POLICY_NODE *parent, X509_POLICY_TREE *tree) + X509_POLICY_NODE *parent, X509_POLICY_TREE *tree, X509_POLICY_NODE **nodep) { - X509_POLICY_NODE *node; + X509_POLICY_NODE *node = NULL; - node = malloc(sizeof(X509_POLICY_NODE)); - if (!node) - return NULL; - node->data = data; - node->parent = parent; - node->nchild = 0; if (level) { + node = malloc(sizeof(X509_POLICY_NODE)); + if (!node) + goto node_error; + node->data = data; + node->parent = parent; + node->nchild = 0; if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { if (level->anyPolicy) goto node_error; level->anyPolicy = node; + if (parent) + parent->nchild++; } else { if (!level->nodes) @@ -132,6 +135,8 @@ level_add_node(X509_POLICY_LEVEL *level, const X509_POLICY_DATA *data, goto node_error; if (!sk_X509_POLICY_NODE_push(level->nodes, node)) goto node_error; + if (parent) + parent->nchild++; } } @@ -144,17 +149,20 @@ level_add_node(X509_POLICY_LEVEL *level, const X509_POLICY_DATA *data, goto node_error_cond; } - if (parent) - parent->nchild++; + if (nodep) + *nodep = node; - return node; + return 1; node_error_cond: if (level) node = NULL; node_error: policy_node_free(node); - return NULL; + node = NULL; + if (nodep) + *nodep = node; + return 0; } void diff --git a/src/lib/libcrypto/x509v3/pcy_tree.c b/src/lib/libcrypto/x509v3/pcy_tree.c index 9e54f233ad..af9bf00c66 100644 --- a/src/lib/libcrypto/x509v3/pcy_tree.c +++ b/src/lib/libcrypto/x509v3/pcy_tree.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pcy_tree.c,v 1.14 2015/07/15 17:02:03 miod Exp $ */ +/* $OpenBSD: pcy_tree.c,v 1.15 2015/07/18 00:01:05 beck Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -233,7 +233,7 @@ tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, unsigned int flags) data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0); - if (!data || !level_add_node(level, data, NULL, tree)) + if (!data || !level_add_node(level, data, NULL, tree, NULL)) goto bad_tree; for (i = n - 2; i >= 0; i--) { @@ -297,13 +297,13 @@ tree_link_matching_nodes(X509_POLICY_LEVEL *curr, const X509_POLICY_DATA *data) for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) { node = sk_X509_POLICY_NODE_value(last->nodes, i); if (policy_node_match(last, node, data->valid_policy)) { - if (!level_add_node(curr, data, node, NULL)) + if (!level_add_node(curr, data, node, NULL, NULL)) return 0; matched = 1; } } if (!matched && last->anyPolicy) { - if (!level_add_node(curr, data, last->anyPolicy, NULL)) + if (!level_add_node(curr, data, last->anyPolicy, NULL, NULL)) return 0; } return 1; @@ -352,7 +352,7 @@ tree_add_unmatched(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache, /* Curr may not have anyPolicy */ data->qualifier_set = cache->anyPolicy->qualifier_set; data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; - if (!level_add_node(curr, data, node, tree)) { + if (!level_add_node(curr, data, node, tree, NULL)) { policy_data_free(data); return 0; } @@ -410,7 +410,7 @@ tree_link_any(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache, /* Finally add link to anyPolicy */ if (last->anyPolicy) { if (!level_add_node(curr, cache->anyPolicy, - last->anyPolicy, NULL)) + last->anyPolicy, NULL, NULL)) return 0; } return 1; @@ -581,8 +581,8 @@ tree_calculate_user_set(X509_POLICY_TREE *tree, extra->qualifier_set = anyPolicy->data->qualifier_set; extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS | POLICY_DATA_FLAG_EXTRA_NODE; - node = level_add_node(NULL, extra, anyPolicy->parent, - tree); + (void) level_add_node(NULL, extra, anyPolicy->parent, + tree, &node); } if (!tree->user_policies) { tree->user_policies = sk_X509_POLICY_NODE_new_null(); diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_int.h b/src/lib/libssl/src/crypto/x509v3/pcy_int.h index 3f8a8316e2..50ed7cbfcf 100644 --- a/src/lib/libssl/src/crypto/x509v3/pcy_int.h +++ b/src/lib/libssl/src/crypto/x509v3/pcy_int.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pcy_int.h,v 1.3 2014/06/12 15:49:31 deraadt Exp $ */ +/* $OpenBSD: pcy_int.h,v 1.4 2015/07/18 00:01:05 beck Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -196,9 +196,9 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, const ASN1_OBJECT *id); -X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, +int level_add_node(X509_POLICY_LEVEL *level, const X509_POLICY_DATA *data, X509_POLICY_NODE *parent, - X509_POLICY_TREE *tree); + X509_POLICY_TREE *tree, X509_POLICY_NODE **nodep); void policy_node_free(X509_POLICY_NODE *node); int policy_node_match(const X509_POLICY_LEVEL *lvl, const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_node.c b/src/lib/libssl/src/crypto/x509v3/pcy_node.c index 839113ea2f..ba22b267bf 100644 --- a/src/lib/libssl/src/crypto/x509v3/pcy_node.c +++ b/src/lib/libssl/src/crypto/x509v3/pcy_node.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pcy_node.c,v 1.5 2014/07/23 20:49:52 miod Exp $ */ +/* $OpenBSD: pcy_node.c,v 1.6 2015/07/18 00:01:05 beck Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -107,23 +107,26 @@ level_find_node(const X509_POLICY_LEVEL *level, const X509_POLICY_NODE *parent, return NULL; } -X509_POLICY_NODE * + +int level_add_node(X509_POLICY_LEVEL *level, const X509_POLICY_DATA *data, - X509_POLICY_NODE *parent, X509_POLICY_TREE *tree) + X509_POLICY_NODE *parent, X509_POLICY_TREE *tree, X509_POLICY_NODE **nodep) { - X509_POLICY_NODE *node; + X509_POLICY_NODE *node = NULL; - node = malloc(sizeof(X509_POLICY_NODE)); - if (!node) - return NULL; - node->data = data; - node->parent = parent; - node->nchild = 0; if (level) { + node = malloc(sizeof(X509_POLICY_NODE)); + if (!node) + goto node_error; + node->data = data; + node->parent = parent; + node->nchild = 0; if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { if (level->anyPolicy) goto node_error; level->anyPolicy = node; + if (parent) + parent->nchild++; } else { if (!level->nodes) @@ -132,6 +135,8 @@ level_add_node(X509_POLICY_LEVEL *level, const X509_POLICY_DATA *data, goto node_error; if (!sk_X509_POLICY_NODE_push(level->nodes, node)) goto node_error; + if (parent) + parent->nchild++; } } @@ -144,17 +149,20 @@ level_add_node(X509_POLICY_LEVEL *level, const X509_POLICY_DATA *data, goto node_error_cond; } - if (parent) - parent->nchild++; + if (nodep) + *nodep = node; - return node; + return 1; node_error_cond: if (level) node = NULL; node_error: policy_node_free(node); - return NULL; + node = NULL; + if (nodep) + *nodep = node; + return 0; } void diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c index 9e54f233ad..af9bf00c66 100644 --- a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c +++ b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pcy_tree.c,v 1.14 2015/07/15 17:02:03 miod Exp $ */ +/* $OpenBSD: pcy_tree.c,v 1.15 2015/07/18 00:01:05 beck Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -233,7 +233,7 @@ tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, unsigned int flags) data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0); - if (!data || !level_add_node(level, data, NULL, tree)) + if (!data || !level_add_node(level, data, NULL, tree, NULL)) goto bad_tree; for (i = n - 2; i >= 0; i--) { @@ -297,13 +297,13 @@ tree_link_matching_nodes(X509_POLICY_LEVEL *curr, const X509_POLICY_DATA *data) for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) { node = sk_X509_POLICY_NODE_value(last->nodes, i); if (policy_node_match(last, node, data->valid_policy)) { - if (!level_add_node(curr, data, node, NULL)) + if (!level_add_node(curr, data, node, NULL, NULL)) return 0; matched = 1; } } if (!matched && last->anyPolicy) { - if (!level_add_node(curr, data, last->anyPolicy, NULL)) + if (!level_add_node(curr, data, last->anyPolicy, NULL, NULL)) return 0; } return 1; @@ -352,7 +352,7 @@ tree_add_unmatched(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache, /* Curr may not have anyPolicy */ data->qualifier_set = cache->anyPolicy->qualifier_set; data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; - if (!level_add_node(curr, data, node, tree)) { + if (!level_add_node(curr, data, node, tree, NULL)) { policy_data_free(data); return 0; } @@ -410,7 +410,7 @@ tree_link_any(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache, /* Finally add link to anyPolicy */ if (last->anyPolicy) { if (!level_add_node(curr, cache->anyPolicy, - last->anyPolicy, NULL)) + last->anyPolicy, NULL, NULL)) return 0; } return 1; @@ -581,8 +581,8 @@ tree_calculate_user_set(X509_POLICY_TREE *tree, extra->qualifier_set = anyPolicy->data->qualifier_set; extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS | POLICY_DATA_FLAG_EXTRA_NODE; - node = level_add_node(NULL, extra, anyPolicy->parent, - tree); + (void) level_add_node(NULL, extra, anyPolicy->parent, + tree, &node); } if (!tree->user_policies) { tree->user_policies = sk_X509_POLICY_NODE_new_null(); -- cgit v1.2.3-55-g6feb