[openssl] master update
Matt Caswell
matt at openssl.org
Fri Nov 29 14:26:54 UTC 2019
The branch master has been updated
via 17197a2f61d04314b465b71a4ce164b5e219f15c (commit)
via c1ff5994407bc093eca78eb2fd4f813b7ee581a2 (commit)
from b4be6937f2a80aa48afd1e3de50749874e4ad9b5 (commit)
- Log -----------------------------------------------------------------
commit 17197a2f61d04314b465b71a4ce164b5e219f15c
Author: Matt Caswell <matt at openssl.org>
Date: Tue Nov 26 17:15:20 2019 +0000
Check the return from OPENSSL_buf2hexstr()
The function OPENSSL_buf2hexstr() can return NULL if it fails to allocate
memory so the callers should check its return value.
Fixes #10525
Reported-by: Ziyang Li (@Liby99)
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10526)
commit c1ff5994407bc093eca78eb2fd4f813b7ee581a2
Author: Matt Caswell <matt at openssl.org>
Date: Tue Nov 26 17:14:08 2019 +0000
Check that OPENSSL_zalloc was successful when creating EVP types
We were missing a NULL check in a few very similar places following an
OPENSSL_zalloc() call.
Reported-by: Ziyang Li (@Liby99)
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10526)
-----------------------------------------------------------------------
Summary of changes:
apps/kdf.c | 4 ++++
apps/openssl.c | 3 ++-
crypto/err/err_prn.c | 3 ++-
crypto/evp/exchange.c | 6 ++++++
crypto/evp/pmeth_fn.c | 12 ++++++++++++
crypto/mem_dbg.c | 4 ++--
crypto/x509/v3_akey.c | 11 ++++++++++-
7 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/apps/kdf.c b/apps/kdf.c
index 66e7e7a7c1..82818f1ff3 100644
--- a/apps/kdf.c
+++ b/apps/kdf.c
@@ -138,6 +138,10 @@ opthelp:
BIO_write(out, dkm_bytes, dkm_len);
} else {
hexout = OPENSSL_buf2hexstr(dkm_bytes, dkm_len);
+ if (hexout == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
BIO_printf(out, "%s\n\n", hexout);
}
diff --git a/apps/openssl.c b/apps/openssl.c
index 31f598815a..769555e5e1 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -113,7 +113,8 @@ static size_t internal_trace_cb(const char *buf, size_t cnt,
tid = CRYPTO_THREAD_get_current_id();
hex = OPENSSL_buf2hexstr((const unsigned char *)&tid, sizeof(tid));
BIO_snprintf(buffer, sizeof(buffer), "TRACE[%s]:%s: ",
- hex, OSSL_trace_get_category_name(category));
+ hex == NULL ? "<null>" : hex,
+ OSSL_trace_get_category_name(category));
OPENSSL_free(hex);
BIO_ctrl(trace_data->bio, PREFIX_CTRL_SET_PREFIX,
strlen(buffer), buffer);
diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c
index 27e987e0e1..e0184b0771 100644
--- a/crypto/err/err_prn.c
+++ b/crypto/err/err_prn.c
@@ -36,7 +36,8 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
data = "";
hex = OPENSSL_buf2hexstr((const unsigned char *)&tid, sizeof(tid));
BIO_snprintf(buf, sizeof(buf), "%s:error:%s:%s:%s:%s:%d:%s\n",
- hex, lib, func, reason, file, line, data);
+ hex == NULL ? "<null>" : hex, lib, func, reason, file,
+ line, data);
OPENSSL_free(hex);
if (cb(buf, strlen(buf), u) <= 0)
break; /* abort outputting the error report */
diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c
index aebfbaf3da..189c1c0f45 100644
--- a/crypto/evp/exchange.c
+++ b/crypto/evp/exchange.c
@@ -20,8 +20,14 @@ static EVP_KEYEXCH *evp_keyexch_new(OSSL_PROVIDER *prov)
{
EVP_KEYEXCH *exchange = OPENSSL_zalloc(sizeof(EVP_KEYEXCH));
+ if (exchange == NULL) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
exchange->lock = CRYPTO_THREAD_lock_new();
if (exchange->lock == NULL) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
OPENSSL_free(exchange);
return NULL;
}
diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
index 1115e18ba2..638619051e 100644
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -20,8 +20,14 @@ static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov)
{
EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
+ if (signature == NULL) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
signature->lock = CRYPTO_THREAD_lock_new();
if (signature->lock == NULL) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
OPENSSL_free(signature);
return NULL;
}
@@ -760,8 +766,14 @@ static EVP_ASYM_CIPHER *evp_asym_cipher_new(OSSL_PROVIDER *prov)
{
EVP_ASYM_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_ASYM_CIPHER));
+ if (cipher == NULL) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
cipher->lock = CRYPTO_THREAD_lock_new();
if (cipher->lock == NULL) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
OPENSSL_free(cipher);
return NULL;
}
diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c
index 779ad3cec9..561dd80437 100644
--- a/crypto/mem_dbg.c
+++ b/crypto/mem_dbg.c
@@ -374,8 +374,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
hex = OPENSSL_buf2hexstr((const unsigned char *)&m->threadid,
sizeof(m->threadid));
- n = BIO_snprintf(bufp, len, "thread=%s, number=%d, address=%p\n", hex,
- m->num, m->addr);
+ n = BIO_snprintf(bufp, len, "thread=%s, number=%d, address=%p\n",
+ hex == NULL ? "<null>" : hex, m->num, m->addr);
OPENSSL_free(hex);
if (n <= 0)
return;
diff --git a/crypto/x509/v3_akey.c b/crypto/x509/v3_akey.c
index b656b4b502..4898869b0b 100644
--- a/crypto/x509/v3_akey.c
+++ b/crypto/x509/v3_akey.c
@@ -42,13 +42,22 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
char *tmp;
if (akeyid->keyid) {
tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);
- X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL, tmp, &extlist);
+ if (tmp == NULL) {
+ ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL,
+ tmp, &extlist);
OPENSSL_free(tmp);
}
if (akeyid->issuer)
extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
if (akeyid->serial) {
tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);
+ if (tmp == NULL) {
+ ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
X509V3_add_value("serial", tmp, &extlist);
OPENSSL_free(tmp);
}
More information about the openssl-commits
mailing list