[openssl] OpenSSL_1_1_1-stable update

shane.lontis at oracle.com shane.lontis at oracle.com
Mon Sep 7 07:49:43 UTC 2020


The branch OpenSSL_1_1_1-stable has been updated
       via  309e73dfe067b3b774ef6f57bf665f41373a81ca (commit)
      from  56456c3404b0ec27f93816d951ff7a58827481f0 (commit)


- Log -----------------------------------------------------------------
commit 309e73dfe067b3b774ef6f57bf665f41373a81ca
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Mon Sep 7 17:44:38 2020 +1000

    Coverity Fixes
    
    x_algor.c: Explicit null dereferenced
    cms_sd.c: Resource leak
    ts_rsp_sign.c Resource Leak
    extensions_srvr.c: Resourse Leak
    v3_alt.c: Resourse Leak
    pcy_data.c: Resource Leak
    cms_lib.c: Resource Leak
    drbg_lib.c: Unchecked return code
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12531)

-----------------------------------------------------------------------

Summary of changes:
 crypto/asn1/x_algor.c        | 12 ++++++++----
 crypto/cms/cms_lib.c         |  3 ++-
 crypto/cms/cms_sd.c          |  4 +++-
 crypto/rand/drbg_lib.c       |  8 +++++---
 crypto/ts/ts_rsp_sign.c      |  2 ++
 crypto/x509v3/pcy_data.c     |  1 +
 crypto/x509v3/v3_alt.c       |  1 +
 ssl/statem/extensions_srvr.c |  2 +-
 8 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index e13daf849b..2046d8f3cf 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -110,13 +110,17 @@ int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src)
         if ((dest->algorithm = OBJ_dup(src->algorithm)) == NULL)
 	    return 0;
 
-    if (src->parameter)
+    if (src->parameter) {
+        dest->parameter = ASN1_TYPE_new();
+        if (dest->parameter == NULL)
+            return 0;
+
         /* Assuming this is also correct for a BOOL.
          * set does copy as a side effect.
          */
         if (ASN1_TYPE_set1(dest->parameter, 
-              src->parameter->type, src->parameter->value.ptr) == 0)
-	    return 0;
-
+                src->parameter->type, src->parameter->value.ptr) == 0)
+            return 0;
+    }
     return 1;
 }
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index 57afba4361..cdd794e211 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -92,12 +92,13 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
 
     default:
         CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
-        return NULL;
+        goto err;
     }
 
     if (cmsbio)
         return BIO_push(cmsbio, cont);
 
+err:
     if (!icont)
         BIO_free(cont);
     return NULL;
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 29ba4c1b13..6030f07181 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -897,8 +897,10 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
     ASN1_INTEGER *key = NULL;
     if (keysize > 0) {
         key = ASN1_INTEGER_new();
-        if (key == NULL || !ASN1_INTEGER_set(key, keysize))
+        if (key == NULL || !ASN1_INTEGER_set(key, keysize)) {
+            ASN1_INTEGER_free(key);
             return 0;
+        }
     }
     alg = X509_ALGOR_new();
     if (alg == NULL) {
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index faf0590c6c..73fd4394a3 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -330,7 +330,7 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
     drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
     if (drbg->reseed_next_counter) {
         drbg->reseed_next_counter++;
-        if(!drbg->reseed_next_counter)
+        if (!drbg->reseed_next_counter)
             drbg->reseed_next_counter = 1;
     }
 
@@ -432,7 +432,7 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg,
     drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
     if (drbg->reseed_next_counter) {
         drbg->reseed_next_counter++;
-        if(!drbg->reseed_next_counter)
+        if (!drbg->reseed_next_counter)
             drbg->reseed_next_counter = 1;
     }
 
@@ -554,7 +554,9 @@ int rand_drbg_restart(RAND_DRBG *drbg,
             drbg->meth->reseed(drbg, adin, adinlen, NULL, 0);
         } else if (reseeded == 0) {
             /* do a full reseeding if it has not been done yet above */
-            RAND_DRBG_reseed(drbg, NULL, 0, 0);
+            if (!RAND_DRBG_reseed(drbg, NULL, 0, 0)) {
+                RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_RESEED_ERROR);
+            }
         }
     }
 
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index 041a187da6..342582f024 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -57,12 +57,14 @@ static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data)
         goto err;
     if (!ASN1_INTEGER_set(serial, 1))
         goto err;
+
     return serial;
 
  err:
     TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
     TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
                                 "Error during serial number generation.");
+    ASN1_INTEGER_free(serial);
     return NULL;
 }
 
diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c
index 0735059513..62db3b48e2 100644
--- a/crypto/x509v3/pcy_data.c
+++ b/crypto/x509v3/pcy_data.c
@@ -52,6 +52,7 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
     ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL) {
         X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE);
+        ASN1_OBJECT_free(id);
         return NULL;
     }
     ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index 7ac2911b91..0bcee334a8 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -275,6 +275,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
     num = sk_GENERAL_NAME_num(ialt);
     if (!sk_GENERAL_NAME_reserve(gens, num)) {
         X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
+        sk_GENERAL_NAME_free(ialt);
         goto err;
     }
 
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 3b07c6b940..3c7395c0eb 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1151,7 +1151,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
             if (sesstmp == NULL) {
                 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                          SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR);
-                return 0;
+                goto err;
             }
             SSL_SESSION_free(sess);
             sess = sesstmp;


More information about the openssl-commits mailing list