[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Sat Jun 26 01:35:29 UTC 2021
The branch master has been updated
via f06c5547605b1e400f95eafb77a42947e4d50b78 (commit)
via 711d5a2fc0d611d5574c6d81b9cc0aa1564d2d2a (commit)
via 1f25fd161698e7b93d43872735793b084f2d92af (commit)
via a52d20c82a82a0c1d5ecf9f1337906c6783f0971 (commit)
via 1f3f8a3d016ac1c659f7201e152c291d03437b72 (commit)
via 150251904c2b4c2cffd7429af90cd0486e3682d7 (commit)
from d4af922c583ce152f7d8f35869ab92d5b37cbfd2 (commit)
- Log -----------------------------------------------------------------
commit f06c5547605b1e400f95eafb77a42947e4d50b78
Author: Pauli <pauli at openssl.org>
Date: Fri Jun 25 12:57:53 2021 +1000
test: check for NULL returns better
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)
commit 711d5a2fc0d611d5574c6d81b9cc0aa1564d2d2a
Author: Pauli <pauli at openssl.org>
Date: Fri Jun 25 12:57:37 2021 +1000
test: avoid memory leaks on errors
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)
commit 1f25fd161698e7b93d43872735793b084f2d92af
Author: Pauli <pauli at openssl.org>
Date: Fri Jun 25 12:56:57 2021 +1000
evp_test: address NULL pointer dereference and return failure better
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)
commit a52d20c82a82a0c1d5ecf9f1337906c6783f0971
Author: Pauli <pauli at openssl.org>
Date: Fri Jun 25 12:56:01 2021 +1000
ui: address potential memory leak
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)
commit 1f3f8a3d016ac1c659f7201e152c291d03437b72
Author: Pauli <pauli at openssl.org>
Date: Fri Jun 25 12:55:28 2021 +1000
apps: address potential memory leaks
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)
commit 150251904c2b4c2cffd7429af90cd0486e3682d7
Author: Pauli <pauli at openssl.org>
Date: Fri Jun 25 12:54:43 2021 +1000
x509: address NULL dereference and memory leaks
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)
-----------------------------------------------------------------------
Summary of changes:
apps/s_server.c | 4 ++++
crypto/ui/ui_lib.c | 2 +-
crypto/x509/x_pubkey.c | 16 +++++++++-------
crypto/x509/x_x509a.c | 11 ++++++++---
test/conf_include_test.c | 5 +++--
test/evp_test.c | 4 +++-
test/helpers/handshake.c | 4 +++-
test/hmactest.c | 3 ++-
test/params_test.c | 5 ++++-
test/sslapitest.c | 6 +++++-
10 files changed, 42 insertions(+), 18 deletions(-)
diff --git a/apps/s_server.c b/apps/s_server.c
index 9c0c467ed6..a112b01f1b 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -3016,6 +3016,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
/* No need to free |con| after this. Done by BIO_free(ssl_bio) */
BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
BIO_push(io, ssl_bio);
+ ssl_bio = NULL;
#ifdef CHARSET_EBCDIC
io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
#endif
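Review bot: The context comment above `BIO_set_ssl` in `www_body` still says |con| is released by `BIO_free(ssl_bio)`, but once the added `ssl_bio = NULL;` has run, the `BIO_free(ssl_bio)` on the `err:` path is a no-op and the release has to come from `BIO_free_all(io)`. I would reword that comment and document the hand-off at the new line, e.g. `/* |io| now owns ssl_bio (and |con|); clear our pointer so err: cannot free it twice */`. The same applies to the matching hunk in `rev_body`. Both functions start and end outside these hunks, so it should be confirmed there that every `goto err` taken before the push leaves `ssl_bio` either NULL or pointing at a live BIO.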
@@ -3376,6 +3377,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
err:
OPENSSL_free(buf);
+ BIO_free(ssl_bio);
BIO_free_all(io);
return ret;
}
@@ -3420,6 +3422,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
/* No need to free |con| after this. Done by BIO_free(ssl_bio) */
BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
BIO_push(io, ssl_bio);
+ ssl_bio = NULL;
#ifdef CHARSET_EBCDIC
io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
#endif
@@ -3517,6 +3520,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
err:
OPENSSL_free(buf);
+ BIO_free(ssl_bio);
BIO_free_all(io);
return ret;
}
diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
index fd03dc6cd0..7cb91add41 100644
--- a/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
@@ -43,7 +43,7 @@ UI *UI_new_method(const UI_METHOD *method)
ret->meth = method;
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data)) {
- OPENSSL_free(ret);
+ UI_free(ret);
return NULL;
}
return ret;
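Review bot: `UI_free(ret)` is now called on an object whose `CRYPTO_new_ex_data` call has just failed, so this error path depends on `UI_free` coping with a partially constructed `UI`. `UI_free` is not shown here; if it releases `ex_data` as part of teardown, confirm that doing so after a failed `CRYPTO_new_ex_data` is safe and that every field it touches was set before this point. A short comment such as `/* UI_free() also releases the members allocated above */` would record why the plain `OPENSSL_free` was not enough. `UI_new_method` begins above the hunk.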
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index e669ae3574..b20b756e9a 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -84,14 +84,16 @@ void ossl_X509_PUBKEY_INTERNAL_free(X509_PUBKEY *xpub)
static void x509_pubkey_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
- X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+ X509_PUBKEY *pubkey;
- X509_ALGOR_free(pubkey->algor);
- ASN1_BIT_STRING_free(pubkey->public_key);
- EVP_PKEY_free(pubkey->pkey);
- OPENSSL_free(pubkey->propq);
- OPENSSL_free(pubkey);
- *pval = NULL;
+ if (pval != NULL && (pubkey = (X509_PUBKEY *)*pval) != NULL) {
+ X509_ALGOR_free(pubkey->algor);
+ ASN1_BIT_STRING_free(pubkey->public_key);
+ EVP_PKEY_free(pubkey->pkey);
+ OPENSSL_free(pubkey->propq);
+ OPENSSL_free(pubkey);
+ *pval = NULL;
+ }
}
static int x509_pubkey_ex_populate(ASN1_VALUE **pval, const ASN1_ITEM *it)
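Review bot: The new guard in `x509_pubkey_ex_free` folds the assignment into the condition, `(pubkey = (X509_PUBKEY *)*pval) != NULL`, and indents the whole free sequence under it. An early return reads more directly: `if (pval == NULL || *pval == NULL) return;` followed by `pubkey = (X509_PUBKEY *)*pval;` and the unchanged frees. A one-line comment stating that a NULL `pval` or `*pval` is accepted as a no-op would also make the contract explicit.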
diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c
index ef93db26d8..c88a58aa9f 100644
--- a/crypto/x509/x_x509a.c
+++ b/crypto/x509/x_x509a.c
@@ -125,6 +125,8 @@ int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj)
{
X509_CERT_AUX *aux;
ASN1_OBJECT *objtmp;
+ int res = 0;
+
if ((objtmp = OBJ_dup(obj)) == NULL)
return 0;
if ((aux = aux_get(x)) == NULL)
@@ -132,10 +134,13 @@ int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj)
if (aux->reject == NULL
&& (aux->reject = sk_ASN1_OBJECT_new_null()) == NULL)
goto err;
- return sk_ASN1_OBJECT_push(aux->reject, objtmp);
+ if (sk_ASN1_OBJECT_push(aux->reject, objtmp) > 0)
+ res = 1;
+
err:
- ASN1_OBJECT_free(objtmp);
- return 0;
+ if (!res)
+ ASN1_OBJECT_free(objtmp);
+ return res;
}
void X509_trust_clear(X509 *x)
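Review bot: `X509_add1_reject_object` now returns exactly 0 or 1, whereas the removed line returned the result of `sk_ASN1_OBJECT_push` directly, which on success is the stack's element count. That is a caller-visible change beyond the leak fix. Callers that only test for non-zero are unaffected, but it deserves a comment on the function such as `/* returns 1 on success, 0 on failure; |obj| is duplicated and the caller keeps ownership */`. The `aux_get` failure branch sits between the two hunks and is not visible, so I am assuming it still jumps to `err:`.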
diff --git a/test/conf_include_test.c b/test/conf_include_test.c
index 1c00c601e5..2481a2380b 100644
--- a/test/conf_include_test.c
+++ b/test/conf_include_test.c
@@ -42,7 +42,7 @@ static int change_path(const char *file)
char *s = OPENSSL_strdup(file);
char *p = s;
char *last = NULL;
- int ret;
+ int ret = 0;
if (s == NULL)
return -1;
@@ -51,11 +51,12 @@ static int change_path(const char *file)
last = p++;
}
if (last == NULL)
- return 0;
+ goto err;
last[DIRSEP_PRESERVE] = 0;
TEST_note("changing path to %s", s);
ret = chdir(s);
+ err:
OPENSSL_free(s);
return ret;
}
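Review bot: The new `err:` label in `change_path` is reached on every path, including a successful `chdir` and the no-separator case that returns 0, so the name suggests a failure where there is none. A neutral name such as `end:` would match what the label does. The allocation failure above still returns -1 directly, while the label path returns 0 or the result of `chdir`. A brief comment on the return convention, e.g. `/* 0 on success or nothing to do, -1 on failure */`, would help callers.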
diff --git a/test/evp_test.c b/test/evp_test.c
index 2310fb7907..16b1a50c2d 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -2006,8 +2006,10 @@ static int pbe_test_init(EVP_TEST *t, const char *alg)
pbe_type = PBE_TYPE_PKCS12;
} else {
TEST_error("Unknown pbe algorithm %s", alg);
+ return 0;
}
- pdat = OPENSSL_zalloc(sizeof(*pdat));
+ if (!TEST_ptr(pdat = OPENSSL_zalloc(sizeof(*pdat))))
+ return 0;
pdat->pbe_type = pbe_type;
t->data = pdat;
return 1;
diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c
index 0543634c73..d44aa4baaf 100644
--- a/test/helpers/handshake.c
+++ b/test/helpers/handshake.c
@@ -278,8 +278,10 @@ static int server_ocsp_cb(SSL *s, void *arg)
* For the purposes of testing we just send back a dummy OCSP response
*/
*resp = *(unsigned char *)arg;
- if (!SSL_set_tlsext_status_ocsp_resp(s, resp, 1))
+ if (!SSL_set_tlsext_status_ocsp_resp(s, resp, 1)) {
+ OPENSSL_free(resp);
return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
return SSL_TLSEXT_ERR_OK;
}
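Review bot: The added `OPENSSL_free(resp)` in `server_ocsp_cb` relies on an ownership rule that is not written down. The fix assumes the buffer stays with the callback when `SSL_set_tlsext_status_ocsp_resp` fails and passes to the SSL object when it succeeds. I would add `/* |s| takes ownership of |resp| on success; on failure it is still ours to free */` above the call so a later edit does not add a free on the success path. The same rule applies to the `copy` buffer in `ocsp_server_cb` in test/sslapitest.c. The allocation of `resp` is above this hunk, so its NULL check could not be confirmed here.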
diff --git a/test/hmactest.c b/test/hmactest.c
index 7cb7fb635c..63954a1183 100644
--- a/test/hmactest.c
+++ b/test/hmactest.c
@@ -132,7 +132,8 @@ static int test_hmac_run(void)
unsigned int len;
int ret = 0;
- ctx = HMAC_CTX_new();
+ if (!TEST_ptr(ctx = HMAC_CTX_new()))
+ return 0;
HMAC_CTX_reset(ctx);
if (!TEST_ptr(ctx)
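Review bot: With the early return added for `HMAC_CTX_new`, the `!TEST_ptr(ctx)` that opens the following condition can never fire and is now dead. It can be dropped, leaving the condition to start at its next operand, which is outside this hunk. The return value of `HMAC_CTX_reset(ctx)` on the line in between is also ignored. Checking it as `if (!TEST_true(HMAC_CTX_reset(ctx))) goto err;` would be consistent with the rest, assuming the function has a cleanup label that frees `ctx`.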
diff --git a/test/params_test.c b/test/params_test.c
index 205c2deab0..13cfb9d19e 100644
--- a/test/params_test.c
+++ b/test/params_test.c
@@ -97,7 +97,10 @@ static void cleanup_object(void *vobj)
static void *init_object(void)
{
- struct object_st *obj = OPENSSL_zalloc(sizeof(*obj));
+ struct object_st *obj;
+
+ if (!TEST_ptr(obj = OPENSSL_zalloc(sizeof(*obj))))
+ return NULL;
obj->p1 = p1_init;
obj->p2 = p2_init;
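Review bot: `init_object` can now return NULL, so its callers need to treat that as a failure rather than passing the pointer on. They are outside this hunk; if any of them dereference the result or hand it to `cleanup_object` unconditionally, the NULL dereference has only moved. A short comment on the function, `/* Returns NULL on allocation failure */`, would make the contract visible. The body of `init_object` continues past the end of the hunk.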
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 850c941ac2..bbb1cf91f4 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -1644,7 +1644,11 @@ static int ocsp_server_cb(SSL *s, void *arg)
if (!TEST_ptr(copy = OPENSSL_memdup(orespder, sizeof(orespder))))
return SSL_TLSEXT_ERR_ALERT_FATAL;
- SSL_set_tlsext_status_ocsp_resp(s, copy, sizeof(orespder));
+ if (!TEST_true(SSL_set_tlsext_status_ocsp_resp(s, copy,
+ sizeof(orespder)))) {
+ OPENSSL_free(copy);
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
ocsp_server_called = 1;
return SSL_TLSEXT_ERR_OK;
}