[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Matt Caswell
matt at openssl.org
Thu Mar 12 09:35:52 UTC 2015
The branch OpenSSL_1_0_1-stable has been updated
via f06249f112a37c0caece07e90ebb01b525e62fd7 (commit)
via 2407241fb27c5ebd69262024b8abf9486708c7e6 (commit)
via 3942e7d9ebc262fa5c5c42aba0167e06d981f004 (commit)
via 2679485e69c55b8186bc14d4947fc508c5f55358 (commit)
via e6dcb08984b2e3f765ab5a2f45aaf0a8cc263bba (commit)
via 0c8f4229995bbb51bd29c314e2d71d7edce229de (commit)
via cc27bec2b40ca6741125cbeef6a214dfbe1f85f9 (commit)
from f5ee5213073870493a8ade98b13ea41a2b20b8d4 (commit)
- Log -----------------------------------------------------------------
commit f06249f112a37c0caece07e90ebb01b525e62fd7
Author: Matt Caswell <matt at openssl.org>
Date: Wed Mar 11 20:50:20 2015 +0000
Fix missing return checks in v3_cpols.c
Fixed assorted missing return value checks in c3_cpols.c
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit c5f2b5336ab72e40ab91e2ca85639f51fa3178c6)
commit 2407241fb27c5ebd69262024b8abf9486708c7e6
Author: Matt Caswell <matt at openssl.org>
Date: Wed Mar 11 20:19:08 2015 +0000
Fix dsa_pub_encode
The return value from ASN1_STRING_new() was not being checked which could
lead to a NULL deref in the event of a malloc failure. Also fixed a mem
leak in the error path.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit 0c7ca4033dcf5398334d4b78a7dfb941c8167a40)
commit 3942e7d9ebc262fa5c5c42aba0167e06d981f004
Author: Matt Caswell <matt at openssl.org>
Date: Wed Mar 11 20:08:16 2015 +0000
Fix dh_pub_encode
The return value from ASN1_STRING_new() was not being checked which could
lead to a NULL deref in the event of a malloc failure. Also fixed a mem
leak in the error path.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit 6aa8dab2bbfd5ad3cfc0d07fe5d7243635d5b2a2)
Conflicts:
crypto/dh/dh_ameth.c
commit 2679485e69c55b8186bc14d4947fc508c5f55358
Author: Matt Caswell <matt at openssl.org>
Date: Wed Mar 11 19:41:01 2015 +0000
Fix asn1_item_print_ctx
The call to asn1_do_adb can return NULL on error, so we should check the
return value before attempting to use it.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit 34a7ed0c39aa3ab67eea1e106577525eaf0d7a00)
commit e6dcb08984b2e3f765ab5a2f45aaf0a8cc263bba
Author: Matt Caswell <matt at openssl.org>
Date: Wed Mar 11 16:00:01 2015 +0000
ASN1_primitive_new NULL param handling
ASN1_primitive_new takes an ASN1_ITEM * param |it|. There are a couple
of conditional code paths that check whether |it| is NULL or not - but
later |it| is deref'd unconditionally. If |it| was ever really NULL then
this would seg fault. In practice ASN1_primitive_new is marked as an
internal function in the public header file. The only places it is ever
used internally always pass a non NULL parameter for |it|. Therefore, change
the code to sanity check that |it| is not NULL, and remove the conditional
checking.
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Andy Polyakov <appro at openssl.org>
(cherry picked from commit 9e488fd6ab2c295941e91a47ab7bcd346b7540c7)
commit 0c8f4229995bbb51bd29c314e2d71d7edce229de
Author: Matt Caswell <matt at openssl.org>
Date: Wed Mar 11 15:41:52 2015 +0000
Fix EVP_DigestInit_ex with NULL digest
Calling EVP_DigestInit_ex which has already had the digest set up for it
should be possible. You are supposed to be able to pass NULL for the type.
However currently this seg faults.
Reviewed-by: Andy Polyakov <appro at openssl.org>
(cherry picked from commit a01087027bd0c5ec053d4eabd972bd942bfcd92f)
commit cc27bec2b40ca6741125cbeef6a214dfbe1f85f9
Author: Matt Caswell <matt at openssl.org>
Date: Wed Mar 11 15:31:16 2015 +0000
Fix error handling in bn_exp
In the event of an error |rr| could be NULL. Therefore don't assume you can
use |rr| in the error handling code.
Reviewed-by: Andy Polyakov <appro at openssl.org>
(cherry picked from commit 8c5a7b33c6269c3bd6bc0df6b4c22e4fba03b485)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/tasn_new.c | 7 +++++--
crypto/asn1/tasn_prn.c | 2 ++
crypto/bn/bn_exp.c | 4 ++--
crypto/dh/dh_ameth.c | 12 +++++++-----
crypto/dsa/dsa_ameth.c | 14 ++++++++------
crypto/evp/digest.c | 9 ++++++---
crypto/x509v3/v3_cpols.c | 16 ++++++++++++----
7 files changed, 42 insertions(+), 22 deletions(-)
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index d25c68c..7d2964f 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -315,13 +315,16 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
ASN1_STRING *str;
int utype;
- if (it && it->funcs) {
+ if (!it)
+ return 0;
+
+ if (it->funcs) {
const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
if (pf->prim_new)
return pf->prim_new(pval, it);
}
- if (!it || (it->itype == ASN1_ITYPE_MSTRING))
+ if (it->itype == ASN1_ITYPE_MSTRING)
utype = -1;
else
utype = it->utype;
diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c
index 11d784c..4866dcd 100644
--- a/crypto/asn1/tasn_prn.c
+++ b/crypto/asn1/tasn_prn.c
@@ -289,6 +289,8 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
const ASN1_TEMPLATE *seqtt;
seqtt = asn1_do_adb(fld, tt, 1);
+ if(!seqtt)
+ return 0;
tmpfld = asn1_get_field_ptr(fld, seqtt);
if (!asn1_template_print_ctx(out, tmpfld,
indent + 2, seqtt, pctx))
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index fca4014..27146c8 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -168,10 +168,10 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
goto err;
}
}
- ret = 1;
- err:
if (r != rr)
BN_copy(r, rr);
+ ret = 1;
+ err:
BN_CTX_end(ctx);
bn_check_top(r);
return (ret);
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 680400f..1dec109 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -126,7 +126,6 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
{
DH *dh;
- void *pval = NULL;
int ptype;
unsigned char *penc = NULL;
int penclen;
@@ -136,12 +135,15 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
dh = pkey->pkey.dh;
str = ASN1_STRING_new();
+ if(!str) {
+ DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
str->length = i2d_DHparams(dh, &str->data);
if (str->length <= 0) {
DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
goto err;
}
- pval = str;
ptype = V_ASN1_SEQUENCE;
pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
@@ -158,14 +160,14 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
}
if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH),
- ptype, pval, penc, penclen))
+ ptype, str, penc, penclen))
return 1;
err:
if (penc)
OPENSSL_free(penc);
- if (pval)
- ASN1_STRING_free(pval);
+ if (str)
+ ASN1_STRING_free(str);
return 0;
}
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 1b29d81..a2840ea 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -129,21 +129,23 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
{
DSA *dsa;
- void *pval = NULL;
int ptype;
unsigned char *penc = NULL;
int penclen;
+ ASN1_STRING *str = NULL;
dsa = pkey->pkey.dsa;
if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
- ASN1_STRING *str;
str = ASN1_STRING_new();
+ if (!str) {
+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
str->length = i2d_DSAparams(dsa, &str->data);
if (str->length <= 0) {
DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
goto err;
}
- pval = str;
ptype = V_ASN1_SEQUENCE;
} else
ptype = V_ASN1_UNDEF;
@@ -158,14 +160,14 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
}
if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),
- ptype, pval, penc, penclen))
+ ptype, str, penc, penclen))
return 1;
err:
if (penc)
OPENSSL_free(penc);
- if (pval)
- ASN1_STRING_free(pval);
+ if (str)
+ ASN1_STRING_free(str);
return 0;
}
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 386a3f7..2e202c8 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -191,9 +191,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
ctx->engine = impl;
} else
ctx->engine = NULL;
- } else if (!ctx->digest) {
- EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET);
- return 0;
+ } else {
+ if (!ctx->digest) {
+ EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET);
+ return 0;
+ }
+ type = ctx->digest;
}
#endif
if (ctx->digest != type) {
diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
index 476d51c..dca6ab2 100644
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -230,8 +230,12 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
goto merr;
if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
goto merr;
- qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
- qual->d.cpsuri = M_ASN1_IA5STRING_new();
+ if(!(qual->pqualid = OBJ_nid2obj(NID_id_qt_cps))) {
+ X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ if(!(qual->d.cpsuri = M_ASN1_IA5STRING_new()))
+ goto merr;
if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
strlen(cnf->value)))
goto merr;
@@ -290,14 +294,18 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
POLICYQUALINFO *qual;
if (!(qual = POLICYQUALINFO_new()))
goto merr;
- qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
+ if(!(qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice))) {
+ X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
if (!(not = USERNOTICE_new()))
goto merr;
qual->d.usernotice = not;
for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
cnf = sk_CONF_VALUE_value(unot, i);
if (!strcmp(cnf->name, "explicitText")) {
- not->exptext = M_ASN1_VISIBLESTRING_new();
+ if(!(not->exptext = M_ASN1_VISIBLESTRING_new()))
+ goto merr;
if (!ASN1_STRING_set(not->exptext, cnf->value,
strlen(cnf->value)))
goto merr;
More information about the openssl-commits
mailing list