From e88d2ca994975a40c322d00690d7f3dcffdf1711 Mon Sep 17 00:00:00 2001
From: miod <>
Date: Fri, 11 Jul 2014 12:17:46 +0000
Subject: Missing calloc() return value check in dgram_sctp_ctrl(); from Kurt
 Roeckx via OpenSSL trunk

---
 src/lib/libcrypto/bio/bss_dgram.c         | 32 ++++++++++++++++++++-----------
 src/lib/libssl/src/crypto/bio/bss_dgram.c | 32 ++++++++++++++++++++-----------
 2 files changed, 42 insertions(+), 22 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/bio/bss_dgram.c b/src/lib/libcrypto/bio/bss_dgram.c
index caa8480657..afce2e5290 100644
--- a/src/lib/libcrypto/bio/bss_dgram.c
+++ b/src/lib/libcrypto/bio/bss_dgram.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_dgram.c,v 1.31 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: bss_dgram.c,v 1.32 2014/07/11 12:17:46 miod Exp $ */
 /* 
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
@@ -1166,7 +1166,6 @@ dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
 	bio_dgram_sctp_data *data = NULL;
 	socklen_t sockopt_len = 0;
 	struct sctp_authkeyid authkeyid;
-	struct sctp_authkey *authkey;
 
 	data = (bio_dgram_sctp_data *)b->ptr;
 
@@ -1208,48 +1207,58 @@ dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
 		ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY, &data->in_handshake, sizeof(int));
 		break;
 	case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
+	    {
+		struct sctp_authkey *authkey;
+
 		/* New shared key for SCTP AUTH.
 		 * Returns 0 on success, -1 otherwise.
 		 */
 
 		/* Get active key */
 		sockopt_len = sizeof(struct sctp_authkeyid);
-		ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
+		ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+		    &authkeyid, &sockopt_len);
 		if (ret < 0)
 			break;
 
 		/* Add new key */
 		sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
 		authkey = calloc(1, sockopt_len);
+		if (authkey == NULL) {
+			ret = -1;
+			break;
+		}
 		authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
 		authkey->sca_keylength = 64;
 		memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
 
-		ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey, sockopt_len);
+		ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey,
+		    sockopt_len);
 		free(authkey);
 		if (ret < 0)
 			break;
 
 		/* Reset active key */
 		ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
-		&authkeyid, sizeof(struct sctp_authkeyid));
+		    &authkeyid, sizeof(struct sctp_authkeyid));
 		if (ret < 0)
 			break;
-
+	    }
 		break;
 	case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
 		/* Returns 0 on success, -1 otherwise. */
 
 		/* Get active key */
 		sockopt_len = sizeof(struct sctp_authkeyid);
-		ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
+		ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+		    &authkeyid, &sockopt_len);
 		if (ret < 0)
 			break;
 
 		/* Set active key */
 		authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
 		ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
-		&authkeyid, sizeof(struct sctp_authkeyid));
+		    &authkeyid, sizeof(struct sctp_authkeyid));
 		if (ret < 0)
 			break;
 
@@ -1269,7 +1278,8 @@ dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
 		if (data->ccs_rcvd == 1 && data->ccs_sent == 1) {
 			/* Get active key */
 			sockopt_len = sizeof(struct sctp_authkeyid);
-			ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
+			ret = getsockopt(b->num, IPPROTO_SCTP,
+			    SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
 			if (ret < 0)
 				break;
 
@@ -1279,8 +1289,8 @@ dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
 			authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
 #ifdef SCTP_AUTH_DEACTIVATE_KEY
 			sockopt_len = sizeof(struct sctp_authkeyid);
-			ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
-			&authkeyid, sockopt_len);
+			ret = setsockopt(b->num, IPPROTO_SCTP,
+			    SCTP_AUTH_DEACTIVATE_KEY, &authkeyid, sockopt_len);
 			if (ret < 0)
 				break;
 #endif
diff --git a/src/lib/libssl/src/crypto/bio/bss_dgram.c b/src/lib/libssl/src/crypto/bio/bss_dgram.c
index caa8480657..afce2e5290 100644
--- a/src/lib/libssl/src/crypto/bio/bss_dgram.c
+++ b/src/lib/libssl/src/crypto/bio/bss_dgram.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_dgram.c,v 1.31 2014/07/11 08:44:47 jsing Exp $ */
+/* $OpenBSD: bss_dgram.c,v 1.32 2014/07/11 12:17:46 miod Exp $ */
 /* 
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
@@ -1166,7 +1166,6 @@ dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
 	bio_dgram_sctp_data *data = NULL;
 	socklen_t sockopt_len = 0;
 	struct sctp_authkeyid authkeyid;
-	struct sctp_authkey *authkey;
 
 	data = (bio_dgram_sctp_data *)b->ptr;
 
@@ -1208,48 +1207,58 @@ dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
 		ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY, &data->in_handshake, sizeof(int));
 		break;
 	case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
+	    {
+		struct sctp_authkey *authkey;
+
 		/* New shared key for SCTP AUTH.
 		 * Returns 0 on success, -1 otherwise.
 		 */
 
 		/* Get active key */
 		sockopt_len = sizeof(struct sctp_authkeyid);
-		ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
+		ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+		    &authkeyid, &sockopt_len);
 		if (ret < 0)
 			break;
 
 		/* Add new key */
 		sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
 		authkey = calloc(1, sockopt_len);
+		if (authkey == NULL) {
+			ret = -1;
+			break;
+		}
 		authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
 		authkey->sca_keylength = 64;
 		memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
 
-		ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey, sockopt_len);
+		ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey,
+		    sockopt_len);
 		free(authkey);
 		if (ret < 0)
 			break;
 
 		/* Reset active key */
 		ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
-		&authkeyid, sizeof(struct sctp_authkeyid));
+		    &authkeyid, sizeof(struct sctp_authkeyid));
 		if (ret < 0)
 			break;
-
+	    }
 		break;
 	case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
 		/* Returns 0 on success, -1 otherwise. */
 
 		/* Get active key */
 		sockopt_len = sizeof(struct sctp_authkeyid);
-		ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
+		ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+		    &authkeyid, &sockopt_len);
 		if (ret < 0)
 			break;
 
 		/* Set active key */
 		authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
 		ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
-		&authkeyid, sizeof(struct sctp_authkeyid));
+		    &authkeyid, sizeof(struct sctp_authkeyid));
 		if (ret < 0)
 			break;
 
@@ -1269,7 +1278,8 @@ dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
 		if (data->ccs_rcvd == 1 && data->ccs_sent == 1) {
 			/* Get active key */
 			sockopt_len = sizeof(struct sctp_authkeyid);
-			ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
+			ret = getsockopt(b->num, IPPROTO_SCTP,
+			    SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
 			if (ret < 0)
 				break;
 
@@ -1279,8 +1289,8 @@ dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
 			authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
 #ifdef SCTP_AUTH_DEACTIVATE_KEY
 			sockopt_len = sizeof(struct sctp_authkeyid);
-			ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
-			&authkeyid, sockopt_len);
+			ret = setsockopt(b->num, IPPROTO_SCTP,
+			    SCTP_AUTH_DEACTIVATE_KEY, &authkeyid, sockopt_len);
 			if (ret < 0)
 				break;
 #endif
-- 
cgit v1.2.3-55-g6feb