[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Tue Mar 17 14:04:46 UTC 2015


The branch OpenSSL_1_0_2-stable has been updated
       via  6c4ce00753c5763cf836f6fec9ec07ed7c2e6e03 (commit)
       via  fcb61b6c92ac21c51ad23e4b983600747cdd8db1 (commit)
       via  b2b81639640e84046cdd5d869009eacef22448f5 (commit)
       via  56490fc26ff9dc2da162e6dc0675762edf607c1d (commit)
       via  f2e95a02b114d824905a5e2642287e060270515c (commit)
      from  912c8c92b5e703b19a6508de15b229e9fe788656 (commit)


- Log -----------------------------------------------------------------
commit 6c4ce00753c5763cf836f6fec9ec07ed7c2e6e03
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Mar 12 16:42:55 2015 +0000

    Fix seg fault in s_time
    
    Passing a negative value for the "-time" option to s_time results in a seg
    fault. This commit fixes it so that time has to be greater than 0.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    (cherry picked from commit dfef52f6f277327e118fdd0fe34486852c2789b6)

commit fcb61b6c92ac21c51ad23e4b983600747cdd8db1
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Mar 12 14:37:26 2015 +0000

    Add sanity check to PRF
    
    The function tls1_PRF counts the number of digests in use and partitions
    security evenly between them. There always needs to be at least one digest
    in use, otherwise this is an internal error. Add a sanity check for this.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (cherry picked from commit 668f6f08c62177ab5893fc26ebb67053aafdffc8)

commit b2b81639640e84046cdd5d869009eacef22448f5
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Mar 12 12:54:44 2015 +0000

    Fix memset call in stack.c
    
    The function sk_zero is supposed to zero the elements held within a stack.
    It uses memset to do this. However it calculates the size of each element
    as being sizeof(char **) instead of sizeof(char *). This probably doesn't
    make much practical difference in most cases, but isn't a portable
    assumption.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (cherry picked from commit 7132ac830fa08d9a936e011d7c541b0c52115b33)

commit 56490fc26ff9dc2da162e6dc0675762edf607c1d
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Mar 12 11:25:03 2015 +0000

    Move malloc fail checks closer to malloc
    
    Move memory allocation failure checks closer to the site of the malloc in
    dgst app. Only a problem if the debug flag is set...but still should be
    fixed.
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (cherry picked from commit be1477adc97e76f4b83ed8075589f529069bd5d1)

commit f2e95a02b114d824905a5e2642287e060270515c
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Mar 12 11:10:47 2015 +0000

    Add malloc failure checks
    
    Add some missing checks for memory allocation failures in ca app.
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (cherry picked from commit a561bfe944c0beba73551731cb98af70dfee3549)

-----------------------------------------------------------------------

Summary of changes:
 apps/ca.c            | 13 +++++++++++++
 apps/dgst.c          | 10 +++++-----
 apps/s_time.c        |  7 ++++++-
 crypto/stack/stack.c |  2 +-
 ssl/t1_enc.c         |  5 +++++
 5 files changed, 30 insertions(+), 7 deletions(-)

diff --git a/apps/ca.c b/apps/ca.c
index 3215c56..d64ec4f 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2821,6 +2821,11 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
     ASN1_GENERALIZEDTIME *comp_time = NULL;
     tmp = BUF_strdup(str);
 
+    if(!tmp) {
+        BIO_printf(bio_err, "memory allocation failure\n");
+        goto err;
+    }
+
     p = strchr(tmp, ',');
 
     rtime_str = tmp;
@@ -2838,6 +2843,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
 
     if (prevtm) {
         *prevtm = ASN1_UTCTIME_new();
+        if(!*prevtm) {
+            BIO_printf(bio_err, "memory allocation failure\n");
+            goto err;
+        }
         if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) {
             BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
             goto err;
@@ -2878,6 +2887,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
                 goto err;
             }
             comp_time = ASN1_GENERALIZEDTIME_new();
+            if(!comp_time) {
+                BIO_printf(bio_err, "memory allocation failure\n");
+                goto err;
+            }
             if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) {
                 BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
                 goto err;
diff --git a/apps/dgst.c b/apps/dgst.c
index 47c2f69..95e5fa3 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -293,6 +293,11 @@ int MAIN(int argc, char **argv)
 
     in = BIO_new(BIO_s_file());
     bmd = BIO_new(BIO_f_md());
+    if ((in == NULL) || (bmd == NULL)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
     if (debug) {
         BIO_set_callback(in, BIO_debug_callback);
         /* needed for windows 3.1 */
@@ -304,11 +309,6 @@ int MAIN(int argc, char **argv)
         goto end;
     }
 
-    if ((in == NULL) || (bmd == NULL)) {
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-
     if (out_bin == -1) {
         if (keyfile)
             out_bin = 1;
diff --git a/apps/s_time.c b/apps/s_time.c
index 5846f3a..a40997a 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -302,6 +302,10 @@ static int parseArgs(int argc, char **argv)
             if (--argc < 1)
                 goto bad;
             maxTime = atoi(*(++argv));
+            if(maxTime <= 0) {
+                BIO_printf(bio_err, "time must be > 0\n");
+                badop = 1;
+            }
         } else {
             BIO_printf(bio_err, "unknown option %s\n", *argv);
             badop = 1;
@@ -550,7 +554,8 @@ int MAIN(int argc, char **argv)
          nConn, totalTime, ((double)nConn / totalTime), bytes_read);
     printf
         ("%d connections in %ld real seconds, %ld bytes read per connection\n",
-         nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn);
+         nConn, (long)time(NULL) - finishtime + maxTime,
+         bytes_read / (nConn?nConn:1));
 
     ret = 0;
  end:
diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c
index 47457c7..de437ac 100644
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
@@ -312,7 +312,7 @@ void sk_zero(_STACK *st)
         return;
     if (st->num <= 0)
         return;
-    memset((char *)st->data, 0, sizeof(st->data) * st->num);
+    memset((char *)st->data, 0, sizeof(*st->data) * st->num);
     st->num = 0;
 }
 
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 84f5896..577885f 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -260,6 +260,11 @@ static int tls1_PRF(long digest_mask,
         if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
             count++;
     }
+    if(!count) {
+        /* Should never happen */
+        SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
     len = slen / count;
     if (count == 1)
         slen = 0;


More information about the openssl-commits mailing list