[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Tue Apr 17 16:33:44 UTC 2018 

The branch master has been updated
       via  9f2a3bb19d42e6942cbbb7ea0a41a342ce158b94 (commit)
      from  a68236572850a1f50d5c40990b5a15a18ebea3bc (commit)


- Log -----------------------------------------------------------------
commit 9f2a3bb19d42e6942cbbb7ea0a41a342ce158b94
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Apr 16 18:41:01 2018 +0100

    Fix a memory leak in an error path
    
    Found by Coverity.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5970)

-----------------------------------------------------------------------

Summary of changes:
 crypto/srp/srp_vfy.c | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 1bf2f26..b13c006 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -69,8 +69,10 @@ static int t_fromb64(unsigned char *a, size_t alen, const char *src)
      *  4 bytes unencoded = 6 bytes encoded
      *  etc
      */
-    if (padsize == 3)
-        return -1;
+    if (padsize == 3) {
+        outl = -1;
+        goto err;
+    }
 
     /* Valid padsize values are now 0, 1 or 2 */
 
@@ -80,12 +82,12 @@ static int t_fromb64(unsigned char *a, size_t alen, const char *src)
     /* Add any encoded padding that is required */
     if (padsize != 0
             && EVP_DecodeUpdate(ctx, a, &outl, pad, padsize) < 0) {
-        EVP_ENCODE_CTX_free(ctx);
-        return -1;
+        outl = -1;
+        goto err;
     }
     if (EVP_DecodeUpdate(ctx, a, &outl2, (const unsigned char *)src, size) < 0) {
-        EVP_ENCODE_CTX_free(ctx);
-        return -1;
+        outl = -1;
+        goto err;
     }
     outl += outl2;
     EVP_DecodeFinal(ctx, a + outl, &outl2);
@@ -93,8 +95,11 @@ static int t_fromb64(unsigned char *a, size_t alen, const char *src)
 
     /* Strip off the leading padding */
     if (padsize != 0) {
-        if ((int)padsize >= outl)
-            return -1;
+        if ((int)padsize >= outl) {
+            outl = -1;
+            goto err;
+        }
+
         /*
          * If we added 1 byte of padding prior to encoding then we have 2 bytes
          * of "real" data which gets spread across 4 encoded bytes like this:
@@ -112,6 +117,7 @@ static int t_fromb64(unsigned char *a, size_t alen, const char *src)
         outl -= padsize;
     }
 
+ err:
     EVP_ENCODE_CTX_free(ctx);
 
     return outl;

More information about the openssl-commits mailing list