Check the return values where memory allocation failures may happen.
PR: 49
parent
2640aec227
commit
c4ac954c59
@ -151,7 +151,17 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
|
|||||||
else ret->type=V_ASN1_ENUMERATED;
|
else ret->type=V_ASN1_ENUMERATED;
|
||||||
j=BN_num_bits(bn);
|
j=BN_num_bits(bn);
|
||||||
len=((j == 0)?0:((j/8)+1));
|
len=((j == 0)?0:((j/8)+1));
|
||||||
ret->data=(unsigned char *)OPENSSL_malloc(len+4);
|
if (ret->length < len+4)
|
||||||
|
{
|
||||||
|
char *new_data=(char *)OPENSSL_realloc(ret->data, len+4);
|
||||||
|
if (!new_data)
|
||||||
|
{
|
||||||
|
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
ret->data=new_data;
|
||||||
|
}
|
||||||
|
|
||||||
ret->length=BN_bn2bin(bn,ret->data);
|
ret->length=BN_bn2bin(bn,ret->data);
|
||||||
return(ret);
|
return(ret);
|
||||||
err:
|
err:
|
||||||
|
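Review bot: The new allocation-failure branch in BN_to_ASN1_ENUMERATED reports the error under `ASN1_F_BN_TO_ASN1_INTEGER`, which looks copied from the sibling function, so the error queue would name the wrong function; `ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);` would match. In the same branch `new_data` is declared `char *` but assigned to `ret->data`, which the replaced line cast to `unsigned char *`; `unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);` avoids the pointer-signedness mismatch, and the BN_to_ASN1_INTEGER hunk that follows has the same declaration. The guard compares against `ret->length`, which is set from `BN_bn2bin` and so looks like a content length rather than the allocated size; a short comment stating that it is used as a conservative capacity check would help the next reader. The function body starts and ends outside the hunk.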
@ -397,7 +397,16 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
|
|||||||
else ret->type=V_ASN1_INTEGER;
|
else ret->type=V_ASN1_INTEGER;
|
||||||
j=BN_num_bits(bn);
|
j=BN_num_bits(bn);
|
||||||
len=((j == 0)?0:((j/8)+1));
|
len=((j == 0)?0:((j/8)+1));
|
||||||
ret->data=(unsigned char *)OPENSSL_malloc(len+4);
|
if (ret->length < len+4)
|
||||||
|
{
|
||||||
|
char *new_data=(char *)OPENSSL_realloc(ret->data, len+4);
|
||||||
|
if (!new_data)
|
||||||
|
{
|
||||||
|
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
ret->data=new_data;
|
||||||
|
}
|
||||||
ret->length=BN_bn2bin(bn,ret->data);
|
ret->length=BN_bn2bin(bn,ret->data);
|
||||||
/* Correct zero case */
|
/* Correct zero case */
|
||||||
if(!ret->length)
|
if(!ret->length)
|
||||||
|
@ -118,7 +118,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
|
|||||||
}
|
}
|
||||||
|
|
||||||
pStart = p; /* Catch the beg of Setblobs*/
|
pStart = p; /* Catch the beg of Setblobs*/
|
||||||
rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
|
if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
|
||||||
we will store the SET blobs */
|
we will store the SET blobs */
|
||||||
|
|
||||||
for (i=0; i<sk_num(a); i++)
|
for (i=0; i<sk_num(a); i++)
|
||||||
@ -135,7 +135,7 @@ SetBlob
|
|||||||
/* Now we have to sort the blobs. I am using a simple algo.
|
/* Now we have to sort the blobs. I am using a simple algo.
|
||||||
*Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
|
*Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
|
||||||
qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
|
qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
|
||||||
pTempMem = OPENSSL_malloc(totSize);
|
if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;
|
||||||
|
|
||||||
/* Copy to temp mem */
|
/* Copy to temp mem */
|
||||||
p = pTempMem;
|
p = pTempMem;
|
||||||
|
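Review bot: The added `return 0` on a failed `pTempMem` allocation leaves `rgSetBlob`, allocated a few lines earlier, unreleased, so the failure path leaks memory under exactly the low-memory condition being handled. Freeing it first would close that: `if (!(pTempMem = OPENSSL_malloc(totSize))) { OPENSSL_free(rgSetBlob); return 0; }`. Neither early return records an error with `ASN1err`, unlike the checks added in BN_to_ASN1_ENUMERATED, so callers see a bare 0. The rest of i2d_ASN1_SET is outside these hunks, so whether `rgSetBlob` is released elsewhere cannot be confirmed here.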
@ -119,7 +119,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
|
|||||||
dsa->write_params=0;
|
dsa->write_params=0;
|
||||||
ASN1_TYPE_free(a->parameter);
|
ASN1_TYPE_free(a->parameter);
|
||||||
i=i2d_DSAparams(dsa,NULL);
|
i=i2d_DSAparams(dsa,NULL);
|
||||||
p=(unsigned char *)OPENSSL_malloc(i);
|
if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err;
|
||||||
pp=p;
|
pp=p;
|
||||||
i2d_DSAparams(dsa,&pp);
|
i2d_DSAparams(dsa,&pp);
|
||||||
a->parameter=ASN1_TYPE_new();
|
a->parameter=ASN1_TYPE_new();
|
||||||
@ -136,7 +136,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
|
if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
|
||||||
if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) goto err;
|
if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
|
||||||
|
{
|
||||||
|
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
p=s;
|
p=s;
|
||||||
i2d_PublicKey(pkey,&p);
|
i2d_PublicKey(pkey,&p);
|
||||||
if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
|
if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
|
||||||
|
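Review bot: The new `goto err` after the DSA-parameter allocation runs after `ASN1_TYPE_free(a->parameter)` has already released the old value, so `a->parameter` is left dangling on that path; if the `err:` cleanup (outside this hunk) frees the enclosing structure, that would be a double free. Clearing the field right after the free, `a->parameter=NULL;`, or allocating `p` before freeing, avoids it. The length `i` from `i2d_DSAparams(dsa,NULL)` is also passed to `OPENSSL_malloc` without the `<= 0` test that the `i2d_PublicKey` call in the second hunk has. Only the second hunk raises `X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE)`; the first could do the same for consistency.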
@ -103,7 +103,7 @@ static int nbiof_new(BIO *bi)
|
|||||||
{
|
{
|
||||||
NBIO_TEST *nt;
|
NBIO_TEST *nt;
|
||||||
|
|
||||||
nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST));
|
if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
|
||||||
nt->lrn= -1;
|
nt->lrn= -1;
|
||||||
nt->lwn= -1;
|
nt->lwn= -1;
|
||||||
bi->ptr=(char *)nt;
|
bi->ptr=(char *)nt;
|
||||||
|
@ -200,10 +200,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
|
|||||||
|
|
||||||
/* First we normalise the numbers */
|
/* First we normalise the numbers */
|
||||||
norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
|
norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
|
||||||
BN_lshift(sdiv,divisor,norm_shift);
|
if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
|
||||||
sdiv->neg=0;
|
sdiv->neg=0;
|
||||||
norm_shift+=BN_BITS2;
|
norm_shift+=BN_BITS2;
|
||||||
BN_lshift(snum,num,norm_shift);
|
if (!(BN_lshift(snum,num,norm_shift))) goto err;
|
||||||
snum->neg=0;
|
snum->neg=0;
|
||||||
div_n=sdiv->top;
|
div_n=sdiv->top;
|
||||||
num_n=snum->top;
|
num_n=snum->top;
|
||||||
@ -327,7 +327,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
|
|||||||
tmp->top=j;
|
tmp->top=j;
|
||||||
|
|
||||||
j=wnum.top;
|
j=wnum.top;
|
||||||
BN_sub(&wnum,&wnum,tmp);
|
if (!BN_sub(&wnum,&wnum,tmp)) goto err;
|
||||||
|
|
||||||
snum->top=snum->top+wnum.top-j;
|
snum->top=snum->top+wnum.top-j;
|
||||||
|
|
||||||
@ -335,7 +335,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
|
|||||||
{
|
{
|
||||||
q--;
|
q--;
|
||||||
j=wnum.top;
|
j=wnum.top;
|
||||||
BN_add(&wnum,&wnum,sdiv);
|
if (!BN_add(&wnum,&wnum,sdiv)) goto err;
|
||||||
snum->top+=wnum.top-j;
|
snum->top+=wnum.top-j;
|
||||||
}
|
}
|
||||||
*(resp--)=q;
|
*(resp--)=q;
|
||||||
|
@ -221,7 +221,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
|
|||||||
|
|
||||||
if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
|
if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
|
||||||
if (!BN_add(t2,a,t1)) goto err;
|
if (!BN_add(t2,a,t1)) goto err;
|
||||||
BN_rshift(ret,t2,mont->ri);
|
if (!BN_rshift(ret,t2,mont->ri)) goto err;
|
||||||
#endif /* MONT_WORD */
|
#endif /* MONT_WORD */
|
||||||
|
|
||||||
if (BN_ucmp(ret, &(mont->N)) >= 0)
|
if (BN_ucmp(ret, &(mont->N)) >= 0)
|
||||||
@ -282,8 +282,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
|
|||||||
BN_ULONG buf[2];
|
BN_ULONG buf[2];
|
||||||
|
|
||||||
mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
|
mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
|
||||||
BN_zero(R);
|
if (!(BN_zero(R))) goto err;
|
||||||
BN_set_bit(R,BN_BITS2); /* R */
|
if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */
|
||||||
|
|
||||||
buf[0]=mod->d[0]; /* tmod = N mod word size */
|
buf[0]=mod->d[0]; /* tmod = N mod word size */
|
||||||
buf[1]=0;
|
buf[1]=0;
|
||||||
|
@ -964,7 +964,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
|
|||||||
|
|
||||||
if ((al == 0) || (bl == 0))
|
if ((al == 0) || (bl == 0))
|
||||||
{
|
{
|
||||||
BN_zero(r);
|
if (!BN_zero(r)) goto err;
|
||||||
return(1);
|
return(1);
|
||||||
}
|
}
|
||||||
top=al+bl;
|
top=al+bl;
|
||||||
@ -1044,7 +1044,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
|
|||||||
if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
|
if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
|
||||||
{
|
{
|
||||||
BIGNUM *tmp_bn = (BIGNUM *)b;
|
BIGNUM *tmp_bn = (BIGNUM *)b;
|
||||||
bn_wexpand(tmp_bn,al);
|
if (bn_wexpand(tmp_bn,al) == NULL) goto err;
|
||||||
tmp_bn->d[bl]=0;
|
tmp_bn->d[bl]=0;
|
||||||
bl++;
|
bl++;
|
||||||
i--;
|
i--;
|
||||||
@ -1052,7 +1052,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
|
|||||||
else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
|
else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
|
||||||
{
|
{
|
||||||
BIGNUM *tmp_bn = (BIGNUM *)a;
|
BIGNUM *tmp_bn = (BIGNUM *)a;
|
||||||
bn_wexpand(tmp_bn,bl);
|
if (bn_wexpand(tmp_bn,bl) == NULL) goto err;
|
||||||
tmp_bn->d[al]=0;
|
tmp_bn->d[al]=0;
|
||||||
al++;
|
al++;
|
||||||
i++;
|
i++;
|
||||||
@ -1067,14 +1067,14 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
|
|||||||
t = BN_CTX_get(ctx);
|
t = BN_CTX_get(ctx);
|
||||||
if (al == j) /* exact multiple */
|
if (al == j) /* exact multiple */
|
||||||
{
|
{
|
||||||
bn_wexpand(t,k*2);
|
if (bn_wexpand(t,k*2) == NULL) goto err;
|
||||||
bn_wexpand(rr,k*2);
|
if (bn_wexpand(rr,k*2) == NULL) goto err;
|
||||||
bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
|
bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
bn_wexpand(t,k*4);
|
if (bn_wexpand(t,k*4) == NULL) goto err;
|
||||||
bn_wexpand(rr,k*4);
|
if (bn_wexpand(rr,k*4) == NULL) goto err;
|
||||||
bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
|
bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
|
||||||
}
|
}
|
||||||
rr->top=top;
|
rr->top=top;
|
||||||
|
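Review bot: In the last BN_mul hunk `t = BN_CTX_get(ctx);` is still used unchecked: the new `bn_wexpand(t,k*2)` and `bn_wexpand(t,k*4)` tests catch a failed expansion but not a NULL `t`, which would presumably be dereferenced inside `bn_wexpand` when the context cannot supply a BIGNUM. `if ((t = BN_CTX_get(ctx)) == NULL) goto err;` would cover that case. Separately, the `goto err` added in the `(al == 0) || (bl == 0)` branch sits where the old code returned directly; if `err:` calls `BN_CTX_end` and the matching `BN_CTX_start` comes later in the function (neither is visible here), `return(0);` would be the safer exit.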
@ -110,8 +110,8 @@ static int enc_new(BIO *bi)
|
|||||||
BIO_ENC_CTX *ctx;
|
BIO_ENC_CTX *ctx;
|
||||||
|
|
||||||
ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
|
ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
|
||||||
EVP_CIPHER_CTX_init(&ctx->cipher);
|
|
||||||
if (ctx == NULL) return(0);
|
if (ctx == NULL) return(0);
|
||||||
|
EVP_CIPHER_CTX_init(&ctx->cipher);
|
||||||
|
|
||||||
ctx->buf_len=0;
|
ctx->buf_len=0;
|
||||||
ctx->buf_off=0;
|
ctx->buf_off=0;
|
||||||
|
@ -79,6 +79,8 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
|
|||||||
{
|
{
|
||||||
MemCheck_off();
|
MemCheck_off();
|
||||||
name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
|
name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
|
||||||
|
MemCheck_on();
|
||||||
|
if (!name_funcs) return(0);
|
||||||
name_funcs->hash_func = lh_strhash;
|
name_funcs->hash_func = lh_strhash;
|
||||||
name_funcs->cmp_func = OPENSSL_strcmp;
|
name_funcs->cmp_func = OPENSSL_strcmp;
|
||||||
name_funcs->free_func = 0; /* NULL is often declared to
|
name_funcs->free_func = 0; /* NULL is often declared to
|
||||||
@ -86,6 +88,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
|
|||||||
* to Compaq C is not really
|
* to Compaq C is not really
|
||||||
* compatible with a function
|
* compatible with a function
|
||||||
* pointer. -- Richard Levitte*/
|
* pointer. -- Richard Levitte*/
|
||||||
|
MemCheck_off();
|
||||||
sk_NAME_FUNCS_push(name_funcs_stack,name_funcs);
|
sk_NAME_FUNCS_push(name_funcs_stack,name_funcs);
|
||||||
MemCheck_on();
|
MemCheck_on();
|
||||||
}
|
}
|
||||||
|
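Review bot: The result of `sk_NAME_FUNCS_push(name_funcs_stack,name_funcs)` is still ignored, although the push can presumably fail for the same out-of-memory reason the new `if (!name_funcs) return(0);` guards against. On failure `name_funcs` would be leaked and the stack would end up shorter than the caller expects; checking the return, freeing `name_funcs`, restoring `MemCheck_on()` and returning 0 would handle it. The surrounding loop and the function's return value are outside the hunks, so the exact exit path needs confirming against the full function.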
@ -236,7 +236,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
|
|||||||
if (added == NULL)
|
if (added == NULL)
|
||||||
if (!init_added()) return(0);
|
if (!init_added()) return(0);
|
||||||
if ((o=OBJ_dup(obj)) == NULL) goto err;
|
if ((o=OBJ_dup(obj)) == NULL) goto err;
|
||||||
ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
|
if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err;
|
||||||
if ((o->length != 0) && (obj->data != NULL))
|
if ((o->length != 0) && (obj->data != NULL))
|
||||||
ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
|
ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
|
||||||
if (o->sn != NULL)
|
if (o->sn != NULL)
|
||||||
|
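Review bot: Only the `ao[ADDED_NID]` allocation gets a check; the `ao[ADDED_DATA]` allocation two lines below is unchanged and still unchecked, so a failed allocation there leaves a NULL entry that is presumably dereferenced later in the function. The same form applies: `if (!(ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err;`, and any further `ao[...]` allocations after the hunk likely need it too. Whether `err:` can safely free a partly filled `ao[]` depends on how the array is initialised, which is outside the hunk.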
@ -479,10 +479,10 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
|
|||||||
int ret=0;
|
int ret=0;
|
||||||
BN_CTX *ctx;
|
BN_CTX *ctx;
|
||||||
|
|
||||||
if ((ctx=BN_CTX_new()) == NULL) goto err;
|
|
||||||
BN_init(&m1);
|
BN_init(&m1);
|
||||||
BN_init(&r1);
|
BN_init(&r1);
|
||||||
BN_init(&vrfy);
|
BN_init(&vrfy);
|
||||||
|
if ((ctx=BN_CTX_new()) == NULL) goto err;
|
||||||
|
|
||||||
if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
|
if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
|
||||||
{
|
{
|
||||||
|
@ -122,7 +122,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
buf->data[offset-1]='\0'; /* blat the '\n' */
|
buf->data[offset-1]='\0'; /* blat the '\n' */
|
||||||
p=(char *)OPENSSL_malloc(add+offset);
|
if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err;
|
||||||
offset=0;
|
offset=0;
|
||||||
}
|
}
|
||||||
pp=(char **)p;
|
pp=(char **)p;
|
||||||
|
@ -82,7 +82,7 @@ static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
|
|||||||
{
|
{
|
||||||
char *tmp;
|
char *tmp;
|
||||||
if(!ia5 || !ia5->length) return NULL;
|
if(!ia5 || !ia5->length) return NULL;
|
||||||
tmp = OPENSSL_malloc(ia5->length + 1);
|
if (!(tmp = OPENSSL_malloc(ia5->length + 1))) return NULL;
|
||||||
memcpy(tmp, ia5->data, ia5->length);
|
memcpy(tmp, ia5->data, ia5->length);
|
||||||
tmp[ia5->length] = 0;
|
tmp[ia5->length] = 0;
|
||||||
return tmp;
|
return tmp;
|
||||||
|