[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Mon Aug 22 23:22:03 UTC 2016
The branch master has been updated
via 8b7c51a0e4a03895a657cf2eb8d5c2aa1ca3586f (commit)
via c6231e9c7baec688792e043d12508e608545fffb (commit)
via a36c5eabf589aef716966fbbc8772ead1205abd7 (commit)
via b197257d71694fd52ab61d173f77c8a120d3eead (commit)
via 4d94bd362dc297c8496a479d1059ec3192fd8bbe (commit)
via 4162c7d378722581aeea7d90d4aa46ac2c49abd8 (commit)
via 85d6b09ddaf32a67a351521f84651c3193286663 (commit)
via c72b8e069de6a8863123d5be05e41b833abe09ee (commit)
via 030648cea98faeba94a510ecc6e3d283040eec5c (commit)
via 2b201c5c9dc2e2fd6afb94bf9b70a1d6482ba7d2 (commit)
via 2f3930bc0edbfdc7718f709b856fa53f0ec57cde (commit)
from b1b22b0b77c2118377320d9a665f495fdea7d419 (commit)
- Log -----------------------------------------------------------------
commit 8b7c51a0e4a03895a657cf2eb8d5c2aa1ca3586f
Author: Matt Caswell <matt at openssl.org>
Date: Tue Aug 23 00:01:57 2016 +0100
Add some sanity checks when checking CRL scores
Reviewed-by: Tim Hudson <tjh at openssl.org>
commit c6231e9c7baec688792e043d12508e608545fffb
Author: Matt Caswell <matt at openssl.org>
Date: Mon Aug 22 23:53:09 2016 +0100
Remove some dead code
The assignment to ret is dead, because ret is assigned again later.
Reviewed-by: Tim Hudson <tjh at openssl.org>
commit a36c5eabf589aef716966fbbc8772ead1205abd7
Author: Matt Caswell <matt at openssl.org>
Date: Mon Aug 22 23:41:15 2016 +0100
Sanity check an ASN1_object_size result
If it's negative don't try and malloc it.
Reviewed-by: Tim Hudson <tjh at openssl.org>
commit b197257d71694fd52ab61d173f77c8a120d3eead
Author: Matt Caswell <matt at openssl.org>
Date: Mon Aug 22 23:39:28 2016 +0100
Check for error return from ASN1_object_size
Otherwise we try to malloc a -1 size.
Reviewed-by: Tim Hudson <tjh at openssl.org>
commit 4d94bd362dc297c8496a479d1059ec3192fd8bbe
Author: Matt Caswell <matt at openssl.org>
Date: Mon Aug 22 23:34:30 2016 +0100
Check for malloc error in bn_x931p.c
Ensure BN_CTX_get() has been successful
Reviewed-by: Tim Hudson <tjh at openssl.org>
commit 4162c7d378722581aeea7d90d4aa46ac2c49abd8
Author: Matt Caswell <matt at openssl.org>
Date: Mon Aug 22 23:23:31 2016 +0100
Fix mem leak on error path
The mem pointed to by cAB can be leaked on an error path.
Reviewed-by: Tim Hudson <tjh at openssl.org>
commit 85d6b09ddaf32a67a351521f84651c3193286663
Author: Matt Caswell <matt at openssl.org>
Date: Mon Aug 22 23:20:45 2016 +0100
Fix mem leak on error path
The mem pointed to by cAB can be leaked on an error path.
Reviewed-by: Tim Hudson <tjh at openssl.org>
commit c72b8e069de6a8863123d5be05e41b833abe09ee
Author: Matt Caswell <matt at openssl.org>
Date: Mon Aug 22 23:18:50 2016 +0100
Fix mem leak on error path
The mem pointed to by tmp can be leaked on an error path.
Reviewed-by: Tim Hudson <tjh at openssl.org>
commit 030648cea98faeba94a510ecc6e3d283040eec5c
Author: Matt Caswell <matt at openssl.org>
Date: Mon Aug 22 22:27:27 2016 +0100
Ensure the mime_hdr_free function can handle NULLs
Sometimes it is called with a NULL pointer
Reviewed-by: Tim Hudson <tjh at openssl.org>
commit 2b201c5c9dc2e2fd6afb94bf9b70a1d6482ba7d2
Author: Matt Caswell <matt at openssl.org>
Date: Mon Aug 22 22:21:30 2016 +0100
Ensure CT_POLICY_EVAL_CTX_free behaves properly with a NULL arg
Reviewed-by: Tim Hudson <tjh at openssl.org>
commit 2f3930bc0edbfdc7718f709b856fa53f0ec57cde
Author: Matt Caswell <matt at openssl.org>
Date: Mon Aug 22 22:17:20 2016 +0100
Fix leak on error in tls_construct_cke_gost
Don't leak pke_ctx on error.
Reviewed-by: Tim Hudson <tjh at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/asn_mime.c | 2 ++
crypto/bio/bf_buff.c | 1 -
crypto/bio/bf_lbuf.c | 1 -
crypto/bn/bn_x931p.c | 3 +++
crypto/ct/ct_policy.c | 2 ++
crypto/objects/obj_dat.c | 2 ++
crypto/ocsp/ocsp_ext.c | 3 +++
crypto/srp/srp_lib.c | 14 +++++++++-----
crypto/x509/x509_vfy.c | 4 ++--
ssl/statem/statem_clnt.c | 2 +-
10 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index a4527a1..d7ec801 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -918,6 +918,8 @@ static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name)
static void mime_hdr_free(MIME_HEADER *hdr)
{
+ if (hdr == NULL)
+ return;
OPENSSL_free(hdr->name);
OPENSSL_free(hdr->value);
if (hdr->params)
diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c
index 702581e..b2a387b 100644
--- a/crypto/bio/bf_buff.c
+++ b/crypto/bio/bf_buff.c
@@ -365,7 +365,6 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
} else {
ctx->obuf_len = 0;
ctx->obuf_off = 0;
- ret = 1;
break;
}
}
diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c
index ed25b1f..b3c2b5e 100644
--- a/crypto/bio/bf_lbuf.c
+++ b/crypto/bio/bf_lbuf.c
@@ -270,7 +270,6 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
ctx->obuf_len -= r;
} else {
ctx->obuf_len = 0;
- ret = 1;
break;
}
}
diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c
index 516ad34..40734cb 100644
--- a/crypto/bn/bn_x931p.c
+++ b/crypto/bn/bn_x931p.c
@@ -74,6 +74,9 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
pm1 = BN_CTX_get(ctx);
+ if (pm1 == NULL)
+ goto err;
+
if (!bn_x931_derive_pi(p1, Xp1, ctx, cb))
goto err;
diff --git a/crypto/ct/ct_policy.c b/crypto/ct/ct_policy.c
index 8bc9133..33738de 100644
--- a/crypto/ct/ct_policy.c
+++ b/crypto/ct/ct_policy.c
@@ -30,6 +30,8 @@ CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
{
+ if (ctx == NULL)
+ return;
X509_free(ctx->cert);
X509_free(ctx->issuer);
OPENSSL_free(ctx);
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index bb50f63..259851b 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -373,6 +373,8 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
}
/* Work out total size */
j = ASN1_object_size(0, i, V_ASN1_OBJECT);
+ if (j < 0)
+ return NULL;
if ((buf = OPENSSL_malloc(j)) == NULL)
return NULL;
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index 151cafa..e60a8d3 100644
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -256,6 +256,9 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
* relies on library internals.
*/
os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+ if (os.length < 0)
+ goto err;
+
os.data = OPENSSL_malloc(os.length);
if (os.data == NULL)
goto err;
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index 7f297be..ddd86b7 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -19,7 +19,7 @@ static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g)
/* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */
unsigned char digest[SHA_DIGEST_LENGTH];
- unsigned char *tmp;
+ unsigned char *tmp = NULL;
EVP_MD_CTX *ctxt = NULL;
int longg;
int longN = BN_num_bytes(N);
@@ -45,12 +45,12 @@ static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g)
if (!EVP_DigestUpdate(ctxt, tmp + longg, longN - longg)
|| !EVP_DigestUpdate(ctxt, tmp, longg))
goto err;
- OPENSSL_free(tmp);
if (!EVP_DigestFinal_ex(ctxt, digest, NULL))
goto err;
res = BN_bin2bn(digest, sizeof(digest), NULL);
err:
+ OPENSSL_free(tmp);
EVP_MD_CTX_free(ctxt);
return res;
}
@@ -84,7 +84,7 @@ BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N)
|| !EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(A, cAB + longN), longN)
|| !EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(B, cAB + longN), longN))
goto err;
- OPENSSL_free(cAB);
+
if (!EVP_DigestFinal_ex(ctxt, cu, NULL))
goto err;
@@ -94,7 +94,9 @@ BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N)
BN_free(u);
u = NULL;
}
+
err:
+ OPENSSL_free(cAB);
EVP_MD_CTX_free(ctxt);
return u;
@@ -166,7 +168,7 @@ BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
{
unsigned char dig[SHA_DIGEST_LENGTH];
EVP_MD_CTX *ctxt;
- unsigned char *cs;
+ unsigned char *cs = NULL;
BIGNUM *res = NULL;
if ((s == NULL) || (user == NULL) || (pass == NULL))
@@ -188,13 +190,15 @@ BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
BN_bn2bin(s, cs);
if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)))
goto err;
- OPENSSL_free(cs);
+
if (!EVP_DigestUpdate(ctxt, dig, sizeof(dig))
|| !EVP_DigestFinal_ex(ctxt, dig, NULL))
goto err;
res = BN_bin2bn(dig, sizeof(dig), NULL);
+
err:
+ OPENSSL_free(cs);
EVP_MD_CTX_free(ctxt);
return res;
}
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 13a9ba3..070afd1 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -974,10 +974,10 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
crl = sk_X509_CRL_value(crls, i);
reasons = *preasons;
crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
- if (crl_score < best_score)
+ if (crl_score < best_score || crl_score == 0)
continue;
/* If current CRL is equivalent use it if it is newer */
- if (crl_score == best_score) {
+ if (crl_score == best_score && best_crl != NULL) {
int day, sec;
if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl),
X509_CRL_get0_lastUpdate(crl)) == 0)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 8f250cd..ff42858 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2368,7 +2368,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
if (pms == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_TLS_CONSTRUCT_CKE_GOST, ERR_R_MALLOC_FAILURE);
- return 0;
+ goto err;
}
if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0
More information about the openssl-commits
mailing list