Memory leak and NULL dereference fixes.

PR#3403
2014-06-27 03:21:10 +01:00 · 2014-06-27 03:21:10 +01:00 · d2aea03829
commit d2aea03829
parent 3b3b69ab25
11 changed files with 63 additions and 12 deletions
--- a/apps/apps.c
+++ b/apps/apps.c
@ -394,6 +394,8 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 		{
 		arg->count=20;
 		arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
 		if (arg->data == NULL)
 			return 0;
 		}
 	for (i=0; i<arg->count; i++)
 		arg->data[i]=NULL;
@ -1663,6 +1665,8 @@ char *make_config_name()
 	len=strlen(t)+strlen(OPENSSL_CONF)+2;
 	p=OPENSSL_malloc(len);
 	if (p == NULL)
 		return NULL;
 	BUF_strlcpy(p,t,len);
 #ifndef OPENSSL_SYS_VMS
 	BUF_strlcat(p,"/",len);
--- a/apps/ca.c
+++ b/apps/ca.c
@ -2800,6 +2800,9 @@ char *make_revocation_str(int rev_type, char *rev_arg)
 	revtm = X509_gmtime_adj(NULL, 0);
 	if (!revtm)
 		return NULL;
 	i = revtm->length + 1;
 	if (reason) i += strlen(reason) + 1;
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@ -141,7 +141,13 @@ int MAIN(int argc, char **argv)
 			{
 			if (--argc < 1) goto bad;
 			if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
-			sk_OPENSSL_STRING_push(certflst,*(++argv));
+			if (!certflst)
 				goto end;
 			if (!sk_OPENSSL_STRING_push(certflst,*(++argv)))
 				{
 				sk_OPENSSL_STRING_free(certflst);
 				goto end;
 				}
 			}
 		else
 			{
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@ -240,24 +240,29 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
 	struct tm *ts;
 	struct tm data;
 	size_t len = 20;
 	int free_s = 0;
 	if (s == NULL)
 		{
 		free_s = 1;
 		s=M_ASN1_UTCTIME_new();
 		}
 	if (s == NULL)
-		return(NULL);
+		goto err;
 	ts=OPENSSL_gmtime(&t, &data);
 	if (ts == NULL)
-		return(NULL);
+		goto err;
 	if (offset_day || offset_sec)
 		{ 
 		if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
-			return NULL;
+			goto err;
 		}
 	if((ts->tm_year < 50) || (ts->tm_year >= 150))
-		return NULL;
+		goto err;
 	p=(char *)s->data;
 	if ((p == NULL) || ((size_t)s->length < len))
@ -266,7 +271,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
 		if (p == NULL)
 			{
 			ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE);
-			return(NULL);
+			goto err;
 			}
 		if (s->data != NULL)
 			OPENSSL_free(s->data);
@ -281,6 +286,10 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
 	ebcdic2ascii(s->data, s->data, s->length);
 #endif
 	return(s);
 	err:
 	if (free_s && s)
 		M_ASN1_UTCTIME_free(s);
 	return NULL;
 	}
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@ -262,7 +262,12 @@ int EVP_PKEY_asn1_add_alias(int to, int from)
 	if (!ameth)
 		return 0;
 	ameth->pkey_base_id = to;
-	return EVP_PKEY_asn1_add0(ameth);
+	if (!EVP_PKEY_asn1_add0(ameth))
 		{
 		EVP_PKEY_asn1_free(ameth);
 		return 0;
 		}
 	return 1;
 	}
 int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags,
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@ -683,6 +683,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
 	int len, state, save_state = 0;
 	headers = sk_MIME_HEADER_new(mime_hdr_cmp);
 	if (!headers)
 		return NULL;
 	while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
 	/* If whitespace at line start then continuation line */
 	if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
--- a/crypto/asn1/asn_pack.c
+++ b/crypto/asn1/asn_pack.c
@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
 	if (!(octmp->length = i2d(obj, NULL))) {
 		ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
-		return NULL;
+		goto err;
 	}
 	if (!(p = OPENSSL_malloc (octmp->length))) {
 		ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
-		return NULL;
+		goto err;
 	}
 	octmp->data = p;
 	i2d (obj, &p);
 	return octmp;
 	err:
 	if (!oct || !*oct)
 		{
 		ASN1_STRING_free(octmp);
 		if (oct)
 			*oct = NULL;
 		}
 	return NULL;
 }
 #endif
--- a/crypto/asn1/bio_asn1.c
+++ b/crypto/asn1/bio_asn1.c
@ -154,7 +154,10 @@ static int asn1_bio_new(BIO *b)
 	if (!ctx)
 		return 0;
 	if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE))
 		{
 		OPENSSL_free(ctx);
 		return 0;
 		}
 	b->init = 1;
 	b->ptr = (char *)ctx;
 	b->flags = 0;
--- a/crypto/asn1/evp_asn1.c
+++ b/crypto/asn1/evp_asn1.c
@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
 	ASN1_STRING *os;
 	if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
-	if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0);
+	if (!M_ASN1_OCTET_STRING_set(os,data,len))
 		{
 		M_ASN1_OCTET_STRING_free(os);
 		return 0;
 		}
 	ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
 	return(1);
 	}
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@ -493,6 +493,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 	l=80-2-obase;
 	b=X509_NAME_oneline(name,NULL,0);
 	if (!b)
 		return 0;
 	if (!*b)
 		{
 		OPENSSL_free(b);
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
 			{
 			derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
 						* sizeof(*derlst));
-			tmpdat = OPENSSL_malloc(skcontlen);
+			if (!derlst)
 			if (!derlst || !tmpdat)
 				return 0;
 			tmpdat = OPENSSL_malloc(skcontlen);
 			if (!tmpdat)
 				{
 				OPENSSL_free(derlst);
 				return 0;
 				}
 			}
 		}
 	/* If not sorting just output each item */