Check the return values where memory allocation failures may happen.
PR: 49
		| @@ -151,7 +151,17 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) | ||||
| 	else ret->type=V_ASN1_ENUMERATED; | ||||
| 	j=BN_num_bits(bn); | ||||
| 	len=((j == 0)?0:((j/8)+1)); | ||||
| 	ret->data=(unsigned char *)OPENSSL_malloc(len+4); | ||||
| 	if (ret->length < len+4) | ||||
| 		{ | ||||
| 		char *new_data=(char *)OPENSSL_realloc(ret->data, len+4); | ||||
| 		if (!new_data) | ||||
| 			{ | ||||
| 			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); | ||||
| 			goto err; | ||||
| 			} | ||||
| 		ret->data=new_data; | ||||
| 		} | ||||
|  | ||||
| 	ret->length=BN_bn2bin(bn,ret->data); | ||||
| 	return(ret); | ||||
| err: | ||||
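Review bot: The new failure branch in BN_to_ASN1_ENUMERATED queues its error under `ASN1_F_BN_TO_ASN1_INTEGER`, which looks copied from the sibling function and would point anyone triaging an allocation failure at the wrong routine; it should use this function's own code, presumably `ASN1_F_BN_TO_ASN1_ENUMERATED` (confirm it is defined). `new_data` is declared `char *` but assigned to `ret->data`, which the removed line treated as `unsigned char *`, so `unsigned char *new_data=(unsigned char *)OPENSSL_realloc(ret->data, len+4);` avoids the signedness mismatch; the BN_to_ASN1_INTEGER hunk has the same declaration. The test `ret->length < len+4` uses the content length as a stand-in for buffer capacity, which is only safe if a caller-supplied `ai` never carries a `length` larger than its allocation; a short comment stating that assumption would help. The function continues past `err:` outside this hunk.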
|   | ||||
| @@ -397,7 +397,16 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai) | ||||
| 	else ret->type=V_ASN1_INTEGER; | ||||
| 	j=BN_num_bits(bn); | ||||
| 	len=((j == 0)?0:((j/8)+1)); | ||||
| 	ret->data=(unsigned char *)OPENSSL_malloc(len+4); | ||||
| 	if (ret->length < len+4) | ||||
| 		{ | ||||
| 		char *new_data=(char *)OPENSSL_realloc(ret->data, len+4); | ||||
| 		if (!new_data) | ||||
| 			{ | ||||
| 			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); | ||||
| 			goto err; | ||||
| 			} | ||||
| 		ret->data=new_data; | ||||
| 		} | ||||
| 	ret->length=BN_bn2bin(bn,ret->data); | ||||
| 	/* Correct zero case */ | ||||
| 	if(!ret->length) | ||||
|   | ||||
| @@ -118,7 +118,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag, | ||||
| 		} | ||||
|  | ||||
|         pStart  = p; /* Catch the beg of Setblobs*/ | ||||
|         rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array | ||||
|         if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array | ||||
| we will store the SET blobs */ | ||||
|  | ||||
|         for (i=0; i<sk_num(a); i++) | ||||
| @@ -135,7 +135,7 @@ SetBlob | ||||
|  /* Now we have to sort the blobs. I am using a simple algo. | ||||
|     *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/ | ||||
|         qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp); | ||||
|         pTempMem = OPENSSL_malloc(totSize); | ||||
|         if (!(pTempMem = OPENSSL_malloc(totSize))) return 0; | ||||
|  | ||||
| /* Copy to temp mem */ | ||||
|         p = pTempMem; | ||||
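Review bot: The second early return, `if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;`, leaves the function while `rgSetBlob` from the first allocation is still live, so a failure at that point appears to leak the blob array. Freeing it first, for example `{ OPENSSL_free(rgSetBlob); return 0; }`, would close that path. Neither branch queues `ERR_R_MALLOC_FAILURE`, so the caller only sees a zero length and cannot tell it from an empty encoding. `sk_num(a) * sizeof(MYBLOB)` is also computed without a visible check that `sk_num(a)` is non-negative; whether an earlier guard exists cannot be seen here, because both hunks cut through the function body.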
|   | ||||
| @@ -119,7 +119,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) | ||||
| 		dsa->write_params=0; | ||||
| 		ASN1_TYPE_free(a->parameter); | ||||
| 		i=i2d_DSAparams(dsa,NULL); | ||||
| 		p=(unsigned char *)OPENSSL_malloc(i); | ||||
| 		if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err; | ||||
| 		pp=p; | ||||
| 		i2d_DSAparams(dsa,&pp); | ||||
| 		a->parameter=ASN1_TYPE_new(); | ||||
| @@ -136,7 +136,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) | ||||
| 		} | ||||
|  | ||||
| 	if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err; | ||||
| 	if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) goto err; | ||||
| 	if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) | ||||
| 		{ | ||||
| 		X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); | ||||
| 		goto err; | ||||
| 		} | ||||
| 	p=s; | ||||
| 	i2d_PublicKey(pkey,&p); | ||||
| 	if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err; | ||||
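Review bot: In the DSA branch the size `i` returned by `i2d_DSAparams(dsa,NULL)` goes straight into `OPENSSL_malloc(i)` with no sign check, whereas the later `i2d_PublicKey` call rejects `<= 0` before allocating; `if ((i=i2d_DSAparams(dsa,NULL)) <= 0) goto err;` would make the two paths agree. That branch also jumps to `err` without queuing anything, while the second hunk adds `X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);` for the same kind of failure. `a->parameter=ASN1_TYPE_new();` is the last visible line of the first hunk, so whether its result is checked before use cannot be confirmed from here.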
|   | ||||
| @@ -103,7 +103,7 @@ static int nbiof_new(BIO *bi) | ||||
| 	{ | ||||
| 	NBIO_TEST *nt; | ||||
|  | ||||
| 	nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)); | ||||
| 	if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0); | ||||
| 	nt->lrn= -1; | ||||
| 	nt->lwn= -1; | ||||
| 	bi->ptr=(char *)nt; | ||||
|   | ||||
| @@ -200,10 +200,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, | ||||
|  | ||||
| 	/* First we normalise the numbers */ | ||||
| 	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); | ||||
| 	BN_lshift(sdiv,divisor,norm_shift); | ||||
| 	if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err; | ||||
| 	sdiv->neg=0; | ||||
| 	norm_shift+=BN_BITS2; | ||||
| 	BN_lshift(snum,num,norm_shift); | ||||
| 	if (!(BN_lshift(snum,num,norm_shift))) goto err; | ||||
| 	snum->neg=0; | ||||
| 	div_n=sdiv->top; | ||||
| 	num_n=snum->top; | ||||
| @@ -327,7 +327,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, | ||||
| 		tmp->top=j; | ||||
|  | ||||
| 		j=wnum.top; | ||||
| 		BN_sub(&wnum,&wnum,tmp); | ||||
| 		if (!BN_sub(&wnum,&wnum,tmp)) goto err; | ||||
|  | ||||
| 		snum->top=snum->top+wnum.top-j; | ||||
|  | ||||
| @@ -335,7 +335,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, | ||||
| 			{ | ||||
| 			q--; | ||||
| 			j=wnum.top; | ||||
| 			BN_add(&wnum,&wnum,sdiv); | ||||
| 			if (!BN_add(&wnum,&wnum,sdiv)) goto err; | ||||
| 			snum->top+=wnum.top-j; | ||||
| 			} | ||||
| 		*(resp--)=q; | ||||
|   | ||||
| @@ -221,7 +221,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, | ||||
|  | ||||
| 	if (!BN_mul(t1,t2,&mont->N,ctx)) goto err; | ||||
| 	if (!BN_add(t2,a,t1)) goto err; | ||||
| 	BN_rshift(ret,t2,mont->ri); | ||||
| 	if (!BN_rshift(ret,t2,mont->ri)) goto err; | ||||
| #endif /* MONT_WORD */ | ||||
|  | ||||
| 	if (BN_ucmp(ret, &(mont->N)) >= 0) | ||||
| @@ -282,8 +282,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) | ||||
| 		BN_ULONG buf[2]; | ||||
|  | ||||
| 		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; | ||||
| 		BN_zero(R); | ||||
| 		BN_set_bit(R,BN_BITS2);			/* R */ | ||||
| 		if (!(BN_zero(R))) goto err; | ||||
| 		if (!(BN_set_bit(R,BN_BITS2))) goto err;	/* R */ | ||||
|  | ||||
| 		buf[0]=mod->d[0]; /* tmod = N mod word size */ | ||||
| 		buf[1]=0; | ||||
|   | ||||
| @@ -964,7 +964,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | ||||
|  | ||||
| 	if ((al == 0) || (bl == 0)) | ||||
| 		{ | ||||
| 		BN_zero(r); | ||||
| 		if (!BN_zero(r)) goto err; | ||||
| 		return(1); | ||||
| 		} | ||||
| 	top=al+bl; | ||||
| @@ -1044,7 +1044,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | ||||
| 		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA)) | ||||
| 			{ | ||||
| 			BIGNUM *tmp_bn = (BIGNUM *)b; | ||||
| 			bn_wexpand(tmp_bn,al); | ||||
| 			if (bn_wexpand(tmp_bn,al) == NULL) goto err; | ||||
| 			tmp_bn->d[bl]=0; | ||||
| 			bl++; | ||||
| 			i--; | ||||
| @@ -1052,7 +1052,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | ||||
| 		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA)) | ||||
| 			{ | ||||
| 			BIGNUM *tmp_bn = (BIGNUM *)a; | ||||
| 			bn_wexpand(tmp_bn,bl); | ||||
| 			if (bn_wexpand(tmp_bn,bl) == NULL) goto err; | ||||
| 			tmp_bn->d[al]=0; | ||||
| 			al++; | ||||
| 			i++; | ||||
| @@ -1067,14 +1067,14 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) | ||||
| 			t = BN_CTX_get(ctx); | ||||
| 			if (al == j) /* exact multiple */ | ||||
| 				{ | ||||
| 				bn_wexpand(t,k*2); | ||||
| 				bn_wexpand(rr,k*2); | ||||
| 				if (bn_wexpand(t,k*2) == NULL) goto err; | ||||
| 				if (bn_wexpand(rr,k*2) == NULL) goto err; | ||||
| 				bn_mul_recursive(rr->d,a->d,b->d,al,t->d); | ||||
| 				} | ||||
| 			else | ||||
| 				{ | ||||
| 				bn_wexpand(t,k*4); | ||||
| 				bn_wexpand(rr,k*4); | ||||
| 				if (bn_wexpand(t,k*4) == NULL) goto err; | ||||
| 				if (bn_wexpand(rr,k*4) == NULL) goto err; | ||||
| 				bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d); | ||||
| 				} | ||||
| 			rr->top=top; | ||||
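Review bot: `t = BN_CTX_get(ctx);` is still used unchecked: the new `bn_wexpand(t,k*2)` and `bn_wexpand(t,k*4)` tests operate on `t` directly, so if `BN_CTX_get` returned NULL under the same memory pressure this commit targets, the expand would run on a null BIGNUM. Adding `if (t == NULL) goto err;` right after the `BN_CTX_get` call closes that. Separately, the zero-operand branch now does `goto err` near the top of the function; if the `err:` label unwinds a `BN_CTX` frame that is only opened after that branch (not visible in these hunks), `return(0);` would be the safer exit there. The casts `(BIGNUM *)b` and `(BIGNUM *)a` ahead of the new checks discard `const` and then resize the caller's operand, which deserves a comment explaining why that is acceptable.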
|   | ||||
| @@ -110,8 +110,8 @@ static int enc_new(BIO *bi) | ||||
| 	BIO_ENC_CTX *ctx; | ||||
|  | ||||
| 	ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX)); | ||||
| 	EVP_CIPHER_CTX_init(&ctx->cipher); | ||||
| 	if (ctx == NULL) return(0); | ||||
| 	EVP_CIPHER_CTX_init(&ctx->cipher); | ||||
|  | ||||
| 	ctx->buf_len=0; | ||||
| 	ctx->buf_off=0; | ||||
|   | ||||
| @@ -79,6 +79,8 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), | ||||
| 		{ | ||||
| 		MemCheck_off(); | ||||
| 		name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); | ||||
| 		MemCheck_on(); | ||||
| 		if (!name_funcs) return(0); | ||||
| 		name_funcs->hash_func = lh_strhash; | ||||
| 		name_funcs->cmp_func = OPENSSL_strcmp; | ||||
| 		name_funcs->free_func = 0; /* NULL is often declared to | ||||
| @@ -86,6 +88,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), | ||||
| 						* to Compaq C is not really | ||||
| 						* compatible with a function | ||||
| 						* pointer.	-- Richard Levitte*/ | ||||
| 		MemCheck_off(); | ||||
| 		sk_NAME_FUNCS_push(name_funcs_stack,name_funcs); | ||||
| 		MemCheck_on(); | ||||
| 		} | ||||
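Review bot: The result of `sk_NAME_FUNCS_push(name_funcs_stack,name_funcs);` is still ignored, so a failed push would leave `name_funcs` unreferenced and the stack shorter than the index this function hands out. Checking it and releasing the entry, with `MemCheck_on()` restored before returning, would match the intent of the added `if (!name_funcs) return(0);`. It is also worth confirming that callers treat a return of 0 as failure, since the value is otherwise an index. The enclosing block starts before this hunk and continues after it.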
|   | ||||
| @@ -236,7 +236,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj) | ||||
| 	if (added == NULL) | ||||
| 		if (!init_added()) return(0); | ||||
| 	if ((o=OBJ_dup(obj)) == NULL) goto err; | ||||
| 	ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)); | ||||
| 	if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err; | ||||
| 	if ((o->length != 0) && (obj->data != NULL)) | ||||
| 		ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)); | ||||
| 	if (o->sn != NULL) | ||||
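Review bot: Only the `ao[ADDED_NID]` allocation is checked; the very next statement, `ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));`, keeps the unchecked form, and the hunk ends at `if (o->sn != NULL)`, which presumably guards another allocation of the same kind. Giving them the same treatment, e.g. `if (!(ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err;`, would make the function fail cleanly instead of registering a partially populated object. The new `goto err` also relies on the cleanup code tolerating `ao[]` slots that were never assigned, so the array needs to be NULL-initialised before this point; that initialisation is outside the hunk and should be confirmed.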
|   | ||||
| @@ -479,10 +479,10 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) | ||||
| 	int ret=0; | ||||
| 	BN_CTX *ctx; | ||||
|  | ||||
| 	if ((ctx=BN_CTX_new()) == NULL) goto err; | ||||
| 	BN_init(&m1); | ||||
| 	BN_init(&r1); | ||||
| 	BN_init(&vrfy); | ||||
| 	if ((ctx=BN_CTX_new()) == NULL) goto err; | ||||
|  | ||||
| 	if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) | ||||
| 		{ | ||||
|   | ||||
| @@ -122,7 +122,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) | ||||
| 		else | ||||
| 			{ | ||||
| 			buf->data[offset-1]='\0'; /* blat the '\n' */ | ||||
| 			p=(char *)OPENSSL_malloc(add+offset); | ||||
| 			if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err; | ||||
| 			offset=0; | ||||
| 			} | ||||
| 		pp=(char **)p; | ||||
|   | ||||
| @@ -82,7 +82,7 @@ static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, | ||||
| { | ||||
| 	char *tmp; | ||||
| 	if(!ia5 || !ia5->length) return NULL; | ||||
| 	tmp = OPENSSL_malloc(ia5->length + 1); | ||||
| 	if (!(tmp = OPENSSL_malloc(ia5->length + 1))) return NULL; | ||||
| 	memcpy(tmp, ia5->data, ia5->length); | ||||
| 	tmp[ia5->length] = 0; | ||||
| 	return tmp; | ||||
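Review bot: The guard `!ia5->length` rejects only a zero length, so if `length` is a signed field a negative value would still reach `OPENSSL_malloc(ia5->length + 1)` and the `memcpy`; `if(!ia5 || ia5->length <= 0) return NULL;` is the tighter check. The new failure path returns NULL exactly as the empty-input path does and queues nothing, so callers cannot tell out-of-memory from an empty string; queuing `ERR_R_MALLOC_FAILURE` through `X509V3err` would distinguish them. A one-line comment that the result is a NUL-terminated copy the caller must release with `OPENSSL_free` would document ownership.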
|   | ||||
	 Richard Levitte
					Richard Levitte