generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix dh_pub_encode

Browse Source 
The return value from ASN1_STRING_new() was not being checked which could
lead to a NULL deref in the event of a malloc failure. Also fixed a mem
leak in the error path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Matt Caswell 2015-03-11 20:08:16 +00:00
parent 34a7ed0c39
commit 6aa8dab2bb
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
crypto/dh/dh_ameth.c
View File

@ -151,7 +151,6 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
{
DH *dh;
void *pval = NULL;
int ptype;
unsigned char *penc = NULL;
int penclen;
@ -161,12 +160,15 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
dh = pkey->pkey.dh;
str = ASN1_STRING_new();
if(!str) {
DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
goto err;
}
str->length = i2d_dhp(pkey, dh, &str->data);
if (str->length <= 0) {
DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
goto err;
}
pval = str;
ptype = V_ASN1_SEQUENCE;
pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
@ -183,14 +185,14 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
}
if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
ptype, pval, penc, penclen))
ptype, str, penc, penclen))
return 1;
err:
if (penc)
OPENSSL_free(penc);
if (pval)
ASN1_STRING_free(pval);
if (str)
ASN1_STRING_free(str);
return 0;
}