[openssl] OpenSSL_1_1_1-stable update
dev at ddvo.net
dev at ddvo.net
Tue Jun 9 10:14:27 UTC 2020
The branch OpenSSL_1_1_1-stable has been updated
via 7f699cb663741a73cfe95214d4a39a1078c94294 (commit)
via 46fe1c7caee1442ead1f7c780e5c50045a00f76e (commit)
from 49eebbc408535e8670cb62ea661b696ec5819f15 (commit)
- Log -----------------------------------------------------------------
commit 7f699cb663741a73cfe95214d4a39a1078c94294
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Wed Jun 3 07:49:27 2020 +0200
Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12036)
commit 46fe1c7caee1442ead1f7c780e5c50045a00f76e
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Wed Jun 3 21:38:20 2020 +0200
Replace BUF_strdup() call by OPENSSL_strdup() adding failure check in bss_acpt.c
Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12036)
-----------------------------------------------------------------------
Summary of changes:
crypto/bio/bss_acpt.c | 6 ++++--
crypto/bio/bss_conn.c | 25 ++++++++++++++++++-------
2 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
index 5a2cb50dfc..4461eae233 100644
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -434,8 +434,10 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
b->init = 1;
} else if (num == 1) {
OPENSSL_free(data->param_serv);
- data->param_serv = BUF_strdup(ptr);
- b->init = 1;
+ if ((data->param_serv = OPENSSL_strdup(ptr)) == NULL)
+ ret = 0;
+ else
+ b->init = 1;
} else if (num == 2) {
data->bind_mode |= BIO_SOCK_NONBLOCK;
} else if (num == 3) {
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
index f4c6b85728..807a82b23b 100644
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -416,12 +416,13 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_C_SET_CONNECT:
if (ptr != NULL) {
b->init = 1;
- if (num == 0) {
+ if (num == 0) { /* BIO_set_conn_hostname */
char *hold_service = data->param_service;
/* We affect the hostname regardless. However, the input
* string might contain a host:service spec, so we must
* parse it, which might or might not affect the service
*/
+
OPENSSL_free(data->param_hostname);
data->param_hostname = NULL;
ret = BIO_parse_hostserv(ptr,
@@ -430,19 +431,29 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
BIO_PARSE_PRIO_HOST);
if (hold_service != data->param_service)
OPENSSL_free(hold_service);
- } else if (num == 1) {
+ } else if (num == 1) { /* BIO_set_conn_port */
OPENSSL_free(data->param_service);
- data->param_service = BUF_strdup(ptr);
- } else if (num == 2) {
+ if ((data->param_service = OPENSSL_strdup(ptr)) == NULL)
+ ret = 0;
+ } else if (num == 2) { /* BIO_set_conn_address */
const BIO_ADDR *addr = (const BIO_ADDR *)ptr;
+ char *host = BIO_ADDR_hostname_string(addr, 1);
+ char *service = BIO_ADDR_service_string(addr, 1);
+
+ ret = host != NULL && service != NULL;
if (ret) {
- data->param_hostname = BIO_ADDR_hostname_string(addr, 1);
- data->param_service = BIO_ADDR_service_string(addr, 1);
+ OPENSSL_free(data->param_hostname);
+ data->param_hostname = host;
+ OPENSSL_free(data->param_service);
+ data->param_service = service;
BIO_ADDRINFO_free(data->addr_first);
data->addr_first = NULL;
data->addr_iter = NULL;
+ } else {
+ OPENSSL_free(host);
+ OPENSSL_free(service);
}
- } else if (num == 3) {
+ } else if (num == 3) { /* BIO_set_conn_ip_family */
data->connect_family = *(int *)ptr;
} else {
ret = 0;
More information about the openssl-commits
mailing list