generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix memory leaks and other mistakes on errors

Browse Source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Alessandro Ghedini 2015-10-08 14:38:57 +02:00 committed by Richard Levitte
parent 8acaabec42
commit 3f6c769187
9 changed files with 46 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/bn/bn_gf2m.c
View File

@ -574,7 +574,7 @@ int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
bn_check_top(a); bn_check_top(a);
BN_CTX_start(ctx); BN_CTX_start(ctx);
if ((s = BN_CTX_get(ctx)) == NULL) if ((s = BN_CTX_get(ctx)) == NULL)
return 0; goto err;
if (!bn_wexpand(s, 2 * a->top)) if (!bn_wexpand(s, 2 * a->top))
goto err; goto err;

4
crypto/bn/bn_recp.c
View File

@ -151,8 +151,10 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
if (BN_ucmp(m, &(recp->N)) < 0) { if (BN_ucmp(m, &(recp->N)) < 0) {
BN_zero(d); BN_zero(d);
if (!BN_copy(r, m)) if (!BN_copy(r, m)) {
BN_CTX_end(ctx);
return 0; return 0;
}
BN_CTX_end(ctx); BN_CTX_end(ctx);
return (1); return (1);
} }

7
crypto/bn/bn_x931p.c
View File

@ -214,14 +214,14 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
* exceeded. * exceeded.
*/ */
if (!BN_rand(Xp, nbits, 1, 0)) if (!BN_rand(Xp, nbits, 1, 0))
return 0; goto err;
BN_CTX_start(ctx); BN_CTX_start(ctx);
t = BN_CTX_get(ctx); t = BN_CTX_get(ctx);
for (i = 0; i < 1000; i++) { for (i = 0; i < 1000; i++) {
if (!BN_rand(Xq, nbits, 1, 0)) if (!BN_rand(Xq, nbits, 1, 0))
return 0; goto err;
/* Check that |Xp - Xq| > 2^(nbits - 100) */ /* Check that |Xp - Xq| > 2^(nbits - 100) */
BN_sub(t, Xp, Xq); BN_sub(t, Xp, Xq);
if (BN_num_bits(t) > (nbits - 100)) if (BN_num_bits(t) > (nbits - 100))
@ -235,6 +235,9 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
return 0; return 0;
err:
BN_CTX_end(ctx);
return 0;
} }
/* /*

6
crypto/dsa/dsa_gen.c
View File

@ -142,14 +142,14 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
memcpy(seed, seed_in, seed_len); memcpy(seed, seed_in, seed_len);
} }
if ((mont = BN_MONT_CTX_new()) == NULL)
goto err;
if ((ctx = BN_CTX_new()) == NULL) if ((ctx = BN_CTX_new()) == NULL)
goto err; goto err;
BN_CTX_start(ctx); BN_CTX_start(ctx);
if ((mont = BN_MONT_CTX_new()) == NULL)
goto err;
r0 = BN_CTX_get(ctx); r0 = BN_CTX_get(ctx);
g = BN_CTX_get(ctx); g = BN_CTX_get(ctx);
W = BN_CTX_get(ctx); W = BN_CTX_get(ctx);

4
crypto/evp/evp_key.c
View File

@ -137,7 +137,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
EVP_MD_CTX_init(&c); EVP_MD_CTX_init(&c);
for (;;) { for (;;) {
if (!EVP_DigestInit_ex(&c, md, NULL)) if (!EVP_DigestInit_ex(&c, md, NULL))
return 0; goto err;
if (addmd++) if (addmd++)
if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds))
goto err; goto err;
@ -188,6 +188,6 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
rv = type->key_len; rv = type->key_len;
err: err:
EVP_MD_CTX_cleanup(&c); EVP_MD_CTX_cleanup(&c);
OPENSSL_cleanse(&(md_buf[0]), EVP_MAX_MD_SIZE); OPENSSL_cleanse(md_buf, sizeof(md_buf));
return rv; return rv;
} }

9
crypto/hmac/hm_ameth.c
View File

@ -108,9 +108,14 @@ static int old_hmac_decode(EVP_PKEY *pkey,
ASN1_OCTET_STRING *os; ASN1_OCTET_STRING *os;
os = ASN1_OCTET_STRING_new(); os = ASN1_OCTET_STRING_new();
if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen)) if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen))
return 0; goto err;
EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os); if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os))
goto err;
return 1; return 1;
err:
ASN1_OCTET_STRING_free(os);
return 0;
} }
static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder) static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder)

8
crypto/pem/pvkfmt.c
View File

@ -686,23 +686,23 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
if (inlen <= 0) { if (inlen <= 0) {
PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ); PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
return NULL; goto err;
} }
enctmp = OPENSSL_malloc(keylen + 8); enctmp = OPENSSL_malloc(keylen + 8);
if (!enctmp) { if (!enctmp) {
PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE); PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
return NULL; goto err;
} }
if (!derive_pvk_key(keybuf, p, saltlen, if (!derive_pvk_key(keybuf, p, saltlen,
(unsigned char *)psbuf, inlen)) (unsigned char *)psbuf, inlen))
return NULL; goto err;
p += saltlen; p += saltlen;
/* Copy BLOBHEADER across, decrypt rest */ /* Copy BLOBHEADER across, decrypt rest */
memcpy(enctmp, p, 8); memcpy(enctmp, p, 8);
p += 8; p += 8;
if (keylen < 8) { if (keylen < 8) {
PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT); PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
return NULL; goto err;
} }
inlen = keylen - 8; inlen = keylen - 8;
q = enctmp + 8; q = enctmp + 8;

27
crypto/pkcs12/p12_add.c
View File

@ -76,15 +76,19 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
bag->type = OBJ_nid2obj(nid1); bag->type = OBJ_nid2obj(nid1);
if (!ASN1_item_pack(obj, it, &bag->value.octet)) { if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
return NULL; goto err;
} }
if ((safebag = PKCS12_SAFEBAG_new()) == NULL) { if ((safebag = PKCS12_SAFEBAG_new()) == NULL) {
PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
return NULL; goto err;
} }
safebag->value.bag = bag; safebag->value.bag = bag;
safebag->type = OBJ_nid2obj(nid2); safebag->type = OBJ_nid2obj(nid2);
return safebag; return safebag;
err:
PKCS12_BAGS_free(bag);
return NULL;
} }
/* Turn PKCS8 object into a keybag */ /* Turn PKCS8 object into a keybag */
@ -129,6 +133,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
p8))) { p8))) {
PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
PKCS12_SAFEBAG_free(bag);
return NULL; return NULL;
} }
@ -147,14 +152,18 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
p7->type = OBJ_nid2obj(NID_pkcs7_data); p7->type = OBJ_nid2obj(NID_pkcs7_data);
if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL) { if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
return NULL; goto err;
} }
if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
return NULL; goto err;
} }
return p7; return p7;
err:
PKCS7_free(p7);
return NULL;
} }
/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
@ -185,7 +194,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
return NULL; goto err;
} }
pbe_ciph = EVP_get_cipherbynid(pbe_nid); pbe_ciph = EVP_get_cipherbynid(pbe_nid);
@ -197,7 +206,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
if (!pbe) { if (!pbe) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
return NULL; goto err;
} }
X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
p7->d.encrypted->enc_data->algorithm = pbe; p7->d.encrypted->enc_data->algorithm = pbe;
@ -206,10 +215,14 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass,
passlen, bags, 1))) { passlen, bags, 1))) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR); PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
return NULL; goto err;
} }
return p7; return p7;
err:
PKCS7_free(p7);
return NULL;
} }
STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,

1
ssl/s3_clnt.c
View File

@ -2411,6 +2411,7 @@ int ssl3_send_client_key_exchange(SSL *s)
|| (pkey->pkey.rsa == NULL)) { || (pkey->pkey.rsa == NULL)) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR); ERR_R_INTERNAL_ERROR);
EVP_PKEY_free(pkey);
goto err; goto err;
} }
rsa = pkey->pkey.rsa; rsa = pkey->pkey.rsa;