generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix possible memory leak on BUF_MEM_grow_clean failure

Browse Source 
Simplify BUF_MEM init. code

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #580
This commit is contained in:
FdaSilvaYY
2016-01-21 23:09:57 +01:00
committed by Kurt Roeckx
parent 642a613809
commit 3eb70c5eba
1 changed files with 6 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
crypto/asn1/tasn_dec.c
View File

@@ -668,7 +668,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
long plen; long plen;
char cst, inf, free_cont = 0; char cst, inf, free_cont = 0;
const unsigned char *p; const unsigned char *p;
BUF_MEM buf = { 0 }; BUF_MEM buf = { 0, NULL, 0, 0 };
const unsigned char *cont = NULL; const unsigned char *cont = NULL;
long len; long len;
if (!pval) { if (!pval) {
@@ -744,7 +744,6 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
} else { } else {
len = p - cont + plen; len = p - cont + plen;
p += plen; p += plen;
buf.data = NULL;
} }
} else if (cst) { } else if (cst) {
if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
@@ -753,9 +752,9 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE); ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE);
return 0; return 0;
} }
buf.length = 0;
buf.max = 0; /* Free any returned 'buf' content */
buf.data = NULL; free_cont = 1;
/* /*
* Should really check the internal tags are correct but some things * Should really check the internal tags are correct but some things
* may get this wrong. The relevant specs say that constructed string * may get this wrong. The relevant specs say that constructed string
@@ -763,18 +762,16 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
* So instead just check for UNIVERSAL class and ignore the tag. * So instead just check for UNIVERSAL class and ignore the tag.
*/ */
if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) { if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) {
free_cont = 1;
goto err; goto err;
} }
len = buf.length; len = buf.length;
/* Append a final null to string */ /* Append a final null to string */
if (!BUF_MEM_grow_clean(&buf, len + 1)) { if (!BUF_MEM_grow_clean(&buf, len + 1)) {
ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
return 0; goto err;
} }
buf.data[len] = 0; buf.data[len] = 0;
cont = (const unsigned char *)buf.data; cont = (const unsigned char *)buf.data;
free_cont = 1;
} else { } else {
cont = p; cont = p;
len = plen; len = plen;
@@ -782,6 +779,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
} }
/* We now have content length and type: translate into a structure */ /* We now have content length and type: translate into a structure */
/* asn1_ex_c2i may reuse allocated buffer, and so sets free_cont to 0 */
if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
goto err; goto err;