[openssl-commits] [openssl] master update

nic.tuv at gmail.com nic.tuv at gmail.com
Wed Sep 5 12:25:07 UTC 2018 

The branch master has been updated
       via  544648a8e07612449460ebc0e608a226fde38e67 (commit)
       via  0c5d725ebf31ce7b6db9d638aab508da3263444d (commit)
      from  2167640b0bf76ec50a397dd90444b97c242e3f04 (commit)


- Log -----------------------------------------------------------------
commit 544648a8e07612449460ebc0e608a226fde38e67
Author: Nicola Tuveri <nic.tuv at gmail.com>
Date:   Wed Sep 5 12:08:12 2018 +0300

    Harmonize the error handling codepath
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7121)

commit 0c5d725ebf31ce7b6db9d638aab508da3263444d
Author: Nicola Tuveri <nic.tuv at gmail.com>
Date:   Wed Sep 5 11:58:55 2018 +0300

    Fix segfault in RSA_free() (and DSA/DH/EC_KEY)
    
    `RSA_free()` and friends are called in case of error from
    `RSA_new_method(ENGINE *e)` (or the respective equivalent functions).
    
    For the rest of the description I'll talk about `RSA_*`, but the same
    applies for the equivalent `DSA_free()`, `DH_free()`, `EC_KEY_free()`.
    
    If `RSA_new_method()` fails because the engine does not implement the
    required method, when `RSA_free(RSA *r)` is called,
    `r->meth == NULL` and a segfault happens while checking if
    `r->meth->finish` is defined.
    
    This commit fixes this issue by ensuring that `r->meth` is not NULL
    before dereferencing it to check for `r->meth->finish`.
    
    Fixes #7102 .
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7121)

-----------------------------------------------------------------------

Summary of changes:
 crypto/dh/dh_lib.c   | 10 ++++++----
 crypto/dsa/dsa_lib.c | 10 ++++++----
 crypto/ec/ec_key.c   |  2 +-
 crypto/ec/ec_kmeth.c |  2 +-
 crypto/rsa/rsa_lib.c |  4 ++--
 5 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index e425225..962f864 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -83,12 +83,14 @@ DH *DH_new_method(ENGINE *engine)
 
     if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
         DHerr(DH_F_DH_NEW_METHOD, ERR_R_INIT_FAIL);
-err:
-        DH_free(ret);
-        ret = NULL;
+        goto err;
     }
 
     return ret;
+
+ err:
+    DH_free(ret);
+    return NULL;
 }
 
 void DH_free(DH *r)
@@ -104,7 +106,7 @@ void DH_free(DH *r)
         return;
     REF_ASSERT_ISNT(i < 0);
 
-    if (r->meth->finish)
+    if (r->meth != NULL && r->meth->finish != NULL)
         r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
     ENGINE_finish(r->engine);
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 739fde6..1048601 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -90,12 +90,14 @@ DSA *DSA_new_method(ENGINE *engine)
 
     if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
         DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_INIT_FAIL);
-err:
-        DSA_free(ret);
-        ret = NULL;
+        goto err;
     }
 
     return ret;
+
+ err:
+    DSA_free(ret);
+    return NULL;
 }
 
 void DSA_free(DSA *r)
@@ -111,7 +113,7 @@ void DSA_free(DSA *r)
         return;
     REF_ASSERT_ISNT(i < 0);
 
-    if (r->meth->finish)
+    if (r->meth != NULL && r->meth->finish != NULL)
         r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
     ENGINE_finish(r->engine);
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index ec10b7e..9349abf 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -51,7 +51,7 @@ void EC_KEY_free(EC_KEY *r)
         return;
     REF_ASSERT_ISNT(i < 0);
 
-    if (r->meth->finish != NULL)
+    if (r->meth != NULL && r->meth->finish != NULL)
         r->meth->finish(r);
 
 #ifndef OPENSSL_NO_ENGINE
diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c
index 5e5d1ae..decad65 100644
--- a/crypto/ec/ec_kmeth.c
+++ b/crypto/ec/ec_kmeth.c
@@ -119,7 +119,7 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine)
     }
     return ret;
 
-err:
+ err:
     EC_KEY_free(ret);
     return NULL;
 }
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 61b1c16..72d1b5e 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -97,7 +97,7 @@ RSA *RSA_new_method(ENGINE *engine)
 
     return ret;
 
-err:
+ err:
     RSA_free(ret);
     return NULL;
 }
@@ -115,7 +115,7 @@ void RSA_free(RSA *r)
         return;
     REF_ASSERT_ISNT(i < 0);
 
-    if (r->meth->finish)
+    if (r->meth != NULL && r->meth->finish != NULL)
         r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
     ENGINE_finish(r->engine);

More information about the openssl-commits mailing list