[openssl-commits] [openssl] OpenSSL source code branch master updated. 5b17b79a895bb9eace11d4596acadaa2ed69cf2d

Kurt Roeckx kurt at openssl.org
Wed Dec 10 12:35:44 EST 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OpenSSL source code".

The branch, master has been updated
       via  5b17b79a895bb9eace11d4596acadaa2ed69cf2d (commit)
       via  3a7581bf5ae3579e506b18f4b36c266c84890450 (commit)
       via  288b4e4f8f97069db63fdca6f6dddcf56282b03d (commit)
       via  c27dc3981cd676cdd6dba00b06d6146545fc63fc (commit)
       via  fed5b5525204a6892c936173d9336c479fa83941 (commit)
       via  e9e688effbd5f94e9a8614ca0181a9c8a596a6e1 (commit)
       via  bf8e7047aa888bdba4a89fd0d03862ebec2d302c (commit)
       via  9052ffda912a48bfb0f6aa1555a97e313ee54642 (commit)
       via  d00b1d62d62036dc21c78658a28da4a6279e6fe2 (commit)
      from  02a62d1a4ab711e935defb6e61c2564130ff8627 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5b17b79a895bb9eace11d4596acadaa2ed69cf2d
Author: Kurt Roeckx <kurt at roeckx.be>
Date:   Mon Dec 9 22:03:34 2013 +0100

    capi_ctrl, capi_vtrace: check for NULL after allocating and free it
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit 3a7581bf5ae3579e506b18f4b36c266c84890450
Author: Jonas Maebe <jonas.maebe at elis.ugent.be>
Date:   Mon Dec 9 22:02:35 2013 +0100

    tree_print: check for NULL after allocating err
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit 288b4e4f8f97069db63fdca6f6dddcf56282b03d
Author: Jonas Maebe <jonas.maebe at elis.ugent.be>
Date:   Mon Dec 9 17:21:43 2013 +0100

    tls1_heartbeat: check for NULL after allocating buf
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit c27dc3981cd676cdd6dba00b06d6146545fc63fc
Author: Jonas Maebe <jonas.maebe at elis.ugent.be>
Date:   Sun Dec 7 17:38:51 2014 +0100

    tls1_process_heartbeat: check for NULL after allocating buffer
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit fed5b5525204a6892c936173d9336c479fa83941
Author: Jonas Maebe <jonas.maebe at elis.ugent.be>
Date:   Mon Dec 9 17:02:44 2013 +0100

    SSL_set_session: check for NULL after allocating s->kssl_ctx->client_princ
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit e9e688effbd5f94e9a8614ca0181a9c8a596a6e1
Author: Jonas Maebe <jonas.maebe at elis.ugent.be>
Date:   Mon Dec 9 16:57:04 2013 +0100

    serverinfo_process_buffer: check result of realloc(ctx->cert->key->serverinfo) and don't leak memory if it fails
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit bf8e7047aa888bdba4a89fd0d03862ebec2d302c
Author: Jonas Maebe <jonas.maebe at elis.ugent.be>
Date:   Mon Dec 9 16:45:44 2013 +0100

    ssl3_digest_cached_records: check for NULL after allocating s->s3->handshake_dgst
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit 9052ffda912a48bfb0f6aa1555a97e313ee54642
Author: Jonas Maebe <jonas.maebe at elis.ugent.be>
Date:   Sun Dec 8 23:30:09 2013 +0100

    ssl3_get_certificate_request: check for NULL after allocating s->cert->ctypes
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit d00b1d62d62036dc21c78658a28da4a6279e6fe2
Author: Jonas Maebe <jonas.maebe at elis.ugent.be>
Date:   Mon Dec 2 22:07:02 2013 +0100

    SSL_COMP_add_compression_method: exit if allocating the new compression method struct fails
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Matt Caswell <matt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509v3/pcy_tree.c |    2 ++
 engines/e_capi.c         |   11 +++++++++++
 engines/e_capi_err.c     |    4 +++-
 engines/e_capi_err.h     |    2 ++
 ssl/s3_clnt.c            |    5 +++++
 ssl/s3_enc.c             |    5 +++++
 ssl/ssl.h                |    1 +
 ssl/ssl_ciph.c           |    7 +++++++
 ssl/ssl_err.c            |    1 +
 ssl/ssl_rsa.c            |    7 +++++--
 ssl/ssl_sess.c           |    5 +++++
 ssl/t1_lib.c             |   10 ++++++++++
 12 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index 47b1bf8..93470c3 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -101,6 +101,8 @@ static void tree_print(char *str, X509_POLICY_TREE *tree,
 	int i;
 	BIO *err;
 	err = BIO_new_fp(stderr, BIO_NOCLOSE);
+	if (err == NULL)
+		return;
 	if (!curr)
 		curr = tree->levels + tree->nlevel;
 	else
diff --git a/engines/e_capi.c b/engines/e_capi.c
index 87a10dd..8a19ed0 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -340,6 +340,11 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
 		}
 	ctx = ENGINE_get_ex_data(e, capi_idx);
 	out = BIO_new_fp(stdout, BIO_NOCLOSE);
+	if (out == NULL)
+		{
+		CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_FILE_OPEN_ERROR);
+		return 0;
+		}
 	switch (cmd)
 		{
 		case CAPI_CMD_LIST_CSPS:
@@ -406,6 +411,7 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
 		if (i < 1 || i > 3)
 			{
 			CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD);
+			BIO_free(out);
 			return 0;
 			}
 		ctx->lookup_method = i;
@@ -1081,6 +1087,11 @@ static void capi_vtrace(CAPI_CTX *ctx, int level, char *format, va_list argptr)
 	if (!ctx || (ctx->debug_level < level) || (!ctx->debug_file))
 		return;
 	out = BIO_new_file(ctx->debug_file, "a+");
+	if (out == NULL)
+		{
+		CAPIerr(CAPI_F_CAPI_VTRACE, CAPI_R_FILE_OPEN_ERROR);
+		return;
+		}
 	BIO_vprintf(out, format, argptr);
 	BIO_free(out);
 	}
diff --git a/engines/e_capi_err.c b/engines/e_capi_err.c
index eaaefb2..a36ada3 100644
--- a/engines/e_capi_err.c
+++ b/engines/e_capi_err.c
@@ -1,6 +1,6 @@
 /* e_capi_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -86,6 +86,7 @@ static ERR_STRING_DATA CAPI_str_functs[]=
 {ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_DEC),	"CAPI_RSA_PRIV_DEC"},
 {ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_ENC),	"CAPI_RSA_PRIV_ENC"},
 {ERR_FUNC(CAPI_F_CAPI_RSA_SIGN),	"CAPI_RSA_SIGN"},
+{ERR_FUNC(CAPI_F_CAPI_VTRACE),	"CAPI_VTRACE"},
 {ERR_FUNC(CAPI_F_CERT_SELECT_DIALOG),	"CERT_SELECT_DIALOG"},
 {ERR_FUNC(CAPI_F_CLIENT_CERT_SELECT),	"CLIENT_CERT_SELECT"},
 {ERR_FUNC(CAPI_F_WIDE_TO_ASC),	"WIDE_TO_ASC"},
@@ -109,6 +110,7 @@ static ERR_STRING_DATA CAPI_str_reasons[]=
 {ERR_REASON(CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO),"error getting key provider info"},
 {ERR_REASON(CAPI_R_ERROR_OPENING_STORE)  ,"error opening store"},
 {ERR_REASON(CAPI_R_ERROR_SIGNING_HASH)   ,"error signing hash"},
+{ERR_REASON(CAPI_R_FILE_OPEN_ERROR)      ,"file open error"},
 {ERR_REASON(CAPI_R_FUNCTION_NOT_SUPPORTED),"function not supported"},
 {ERR_REASON(CAPI_R_GETUSERKEY_ERROR)     ,"getuserkey error"},
 {ERR_REASON(CAPI_R_INVALID_DIGEST_LENGTH),"invalid digest length"},
diff --git a/engines/e_capi_err.h b/engines/e_capi_err.h
index efa7001..1844bf0 100644
--- a/engines/e_capi_err.h
+++ b/engines/e_capi_err.h
@@ -87,6 +87,7 @@ static void ERR_CAPI_error(int function, int reason, char *file, int line);
 #define CAPI_F_CAPI_RSA_PRIV_DEC			 110
 #define CAPI_F_CAPI_RSA_PRIV_ENC			 111
 #define CAPI_F_CAPI_RSA_SIGN				 112
+#define CAPI_F_CAPI_VTRACE				 118
 #define CAPI_F_CERT_SELECT_DIALOG			 117
 #define CAPI_F_CLIENT_CERT_SELECT			 116
 #define CAPI_F_WIDE_TO_ASC				 113
@@ -107,6 +108,7 @@ static void ERR_CAPI_error(int function, int reason, char *file, int line);
 #define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO		 109
 #define CAPI_R_ERROR_OPENING_STORE			 110
 #define CAPI_R_ERROR_SIGNING_HASH			 111
+#define CAPI_R_FILE_OPEN_ERROR				 128
 #define CAPI_R_FUNCTION_NOT_SUPPORTED			 112
 #define CAPI_R_GETUSERKEY_ERROR				 113
 #define CAPI_R_INVALID_DIGEST_LENGTH			 124
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index c5f6ceb..e178fe1 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2145,6 +2145,11 @@ int ssl3_get_certificate_request(SSL *s)
 		{
 		/* If we exceed static buffer copy all to cert structure */
 		s->cert->ctypes = OPENSSL_malloc(ctype_num);
+		if (s->cert->ctypes == NULL)
+			{
+			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
 		memcpy(s->cert->ctypes, p, ctype_num);
 		s->cert->ctype_num = (size_t)ctype_num;
 		ctype_num=SSL3_CT_NUMBER;
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index f7de30b..66f5280 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -616,6 +616,11 @@ int ssl3_digest_cached_records(SSL *s)
 	/* Allocate handshake_dgst array */
 	ssl3_free_digest_list(s);
 	s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
+	if (s->s3->handshake_dgst == NULL)
+		{
+		SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
 	memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *));
 	hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata);
 	if (hdatalen <= 0)
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 61c9890..51b8df0 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2732,6 +2732,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT		 275
 #define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT		 276
 #define SSL_F_TLS1_PRF					 284
+#define SSL_F_TLS1_PROCESS_HEARTBEAT			 341
 #define SSL_F_TLS1_SETUP_KEY_BLOCK			 211
 #define SSL_F_TLS1_SET_SERVER_SIGALGS			 335
 
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 1599d79..133d9d9 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1962,6 +1962,13 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
 
 	MemCheck_off();
 	comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+	if (comp == NULL)
+		{
+		MemCheck_on();
+		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
+		return(1);
+		}
+
 	comp->id=id;
 	comp->method=cm;
 	load_builtin_compressions();
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 00c4bc8..5f8c075 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -273,6 +273,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT),	"TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT),	"TLS1_PREPARE_SERVERHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_TLS1_PRF),	"tls1_prf"},
+{ERR_FUNC(SSL_F_TLS1_PROCESS_HEARTBEAT),	"tls1_process_heartbeat"},
 {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK),	"tls1_setup_key_block"},
 {ERR_FUNC(SSL_F_TLS1_SET_SERVER_SIGALGS),	"tls1_set_server_sigalgs"},
 {0,NULL}
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 6f9337e..006c02e 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -948,6 +948,8 @@ static int serverinfo_process_buffer(const unsigned char *serverinfo,
 int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
 			   size_t serverinfo_length)
 	{
+	unsigned char *new_serverinfo;
+
 	if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0)
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO,ERR_R_PASSED_NULL_PARAMETER);
@@ -968,13 +970,14 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
 		SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO,ERR_R_INTERNAL_ERROR);
 		return 0;
 		}
-	ctx->cert->key->serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
+	new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
 						     serverinfo_length);
-	if (ctx->cert->key->serverinfo == NULL)
+	if (new_serverinfo == NULL)
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO,ERR_R_MALLOC_FAILURE);
 		return 0;
 		}
+	ctx->cert->key->serverinfo = new_serverinfo;
 	memcpy(ctx->cert->key->serverinfo, serverinfo, serverinfo_length);
 	ctx->cert->key->serverinfo_length = serverinfo_length;
 
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 3bac2db..a85f279 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -792,6 +792,11 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
                     session->krb5_client_princ_len > 0)
                 {
                     s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
+                    if (s->kssl_ctx->client_princ == NULL)
+                    {
+                        SSLerr(SSL_F_SSL_SET_SESSION, ERR_R_MALLOC_FAILURE);
+                        return(0);
+                    }
                     memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
                             session->krb5_client_princ_len);
                     s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 891cd1f..8d5fd12 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -4003,6 +4003,11 @@ tls1_process_heartbeat(SSL *s)
 		 * payload, plus padding
 		 */
 		buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+		if (buffer == NULL)
+			{
+			SSLerr(SSL_F_TLS1_PROCESS_HEARTBEAT,ERR_R_MALLOC_FAILURE);
+			return -1;
+			}
 		bp = buffer;
 		
 		/* Enter response type, length and copy payload */
@@ -4089,6 +4094,11 @@ tls1_heartbeat(SSL *s)
 	 *  - Padding
 	 */
 	buf = OPENSSL_malloc(1 + 2 + payload + padding);
+	if (buf == NULL)
+		{
+		SSLerr(SSL_F_TLS1_HEARTBEAT,ERR_R_MALLOC_FAILURE);
+		return -1;
+		}
 	p = buf;
 	/* Message Type */
 	*p++ = TLS1_HB_REQUEST;


hooks/post-receive
-- 
OpenSSL source code


More information about the openssl-commits mailing list