[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

nic.tuv at gmail.com nic.tuv at gmail.com
Wed Sep 5 12:28:11 UTC 2018


The branch OpenSSL_1_1_0-stable has been updated
       via  a842be9cf7bdf3cb3abbfe152d811cbc57dded27 (commit)
       via  c28a2ffd01dc1da932aa55d518b57a933cdc51be (commit)
      from  374804bd0973e8af05046caecc40e6b906d1a375 (commit)


- Log -----------------------------------------------------------------
commit a842be9cf7bdf3cb3abbfe152d811cbc57dded27
Author: Nicola Tuveri <nic.tuv at gmail.com>
Date:   Wed Sep 5 12:08:12 2018 +0300

    Harmonize the error handling codepath
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7121)

commit c28a2ffd01dc1da932aa55d518b57a933cdc51be
Author: Nicola Tuveri <nic.tuv at gmail.com>
Date:   Wed Sep 5 11:58:55 2018 +0300

    Fix segfault in RSA_free() (and DSA/DH/EC_KEY)
    
    `RSA_free()` and friends are called in case of error from
    `RSA_new_method(ENGINE *e)` (or the respective equivalent functions).
    
    For the rest of the description I'll talk about `RSA_*`, but the same
    applies for the equivalent `DSA_free()`, `DH_free()`, `EC_KEY_free()`.
    
    If `RSA_new_method()` fails because the engine does not implement the
    required method, when `RSA_free(RSA *r)` is called,
    `r->meth == NULL` and a segfault happens while checking if
    `r->meth->finish` is defined.
    
    This commit fixes this issue by ensuring that `r->meth` is not NULL
    before dereferencing it to check for `r->meth->finish`.
    
    Fixes #7102.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7121)

-----------------------------------------------------------------------

Summary of changes:
 crypto/dh/dh_lib.c   | 10 ++++++----
 crypto/dsa/dsa_lib.c | 10 ++++++----
 crypto/ec/ec_key.c   |  2 +-
 crypto/ec/ec_kmeth.c |  2 +-
 crypto/rsa/rsa_lib.c |  4 ++--
 5 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 716f4a4..4bc62a6 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -82,12 +82,14 @@ DH *DH_new_method(ENGINE *engine)
 
     if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
         DHerr(DH_F_DH_NEW_METHOD, ERR_R_INIT_FAIL);
-err:
-        DH_free(ret);
-        ret = NULL;
+        goto err;
     }
 
     return ret;
+
+ err:
+    DH_free(ret);
+    return NULL;
 }
 
 void DH_free(DH *r)
@@ -103,7 +105,7 @@ void DH_free(DH *r)
         return;
     REF_ASSERT_ISNT(i < 0);
 
-    if (r->meth->finish)
+    if (r->meth != NULL && r->meth->finish != NULL)
         r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
     ENGINE_finish(r->engine);
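Review bot: The new `r->meth != NULL` guard in DH_free() carries no comment saying when a live object can have no method, so a later cleanup could take it for redundant and drop it. Going by the commit message, this happens when DH_new_method() fails before a method is assigned and jumps to its error label; a one-line comment above the test would record that, e.g. `/* meth is NULL when DH_new_method() failed before setting it */`. The same applies to the matching guards in the DSA_free(), EC_KEY_free() and RSA_free() hunks. DH_free() continues past the end of this hunk, and the rest of its cleanup presumably runs on the same partially built object, so it is worth confirming that each later step tolerates unset fields.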
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 9598846..9600c61 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -91,12 +91,14 @@ DSA *DSA_new_method(ENGINE *engine)
 
     if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
         DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_INIT_FAIL);
-err:
-        DSA_free(ret);
-        ret = NULL;
+        goto err;
     }
 
     return ret;
+
+ err:
+    DSA_free(ret);
+    return NULL;
 }
 
 void DSA_free(DSA *r)
@@ -112,7 +114,7 @@ void DSA_free(DSA *r)
         return;
     REF_ASSERT_ISNT(i < 0);
 
-    if (r->meth->finish)
+    if (r->meth != NULL && r->meth->finish != NULL)
         r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
     ENGINE_finish(r->engine);
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index f1f0afb..df35b64 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -55,7 +55,7 @@ void EC_KEY_free(EC_KEY *r)
         return;
     REF_ASSERT_ISNT(i < 0);
 
-    if (r->meth->finish != NULL)
+    if (r->meth != NULL && r->meth->finish != NULL)
         r->meth->finish(r);
 
 #ifndef OPENSSL_NO_ENGINE
diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c
index 5e5d1ae..decad65 100644
--- a/crypto/ec/ec_kmeth.c
+++ b/crypto/ec/ec_kmeth.c
@@ -119,7 +119,7 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine)
     }
     return ret;
 
-err:
+ err:
     EC_KEY_free(ret);
     return NULL;
 }
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index e1377a0..40dee36 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -94,7 +94,7 @@ RSA *RSA_new_method(ENGINE *engine)
 
     return ret;
 
-err:
+ err:
     RSA_free(ret);
     return NULL;
 }
@@ -112,7 +112,7 @@ void RSA_free(RSA *r)
         return;
     REF_ASSERT_ISNT(i < 0);
 
-    if (r->meth->finish)
+    if (r->meth != NULL && r->meth->finish != NULL)
         r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
     ENGINE_finish(r->engine);

