[openssl] openssl-3.0 update

tomas at openssl.org tomas at openssl.org
Thu Feb 17 12:02:11 UTC 2022 

The branch openssl-3.0 has been updated
       via  c6a0cb82bf0772722617a9d1e8c30523452fc52c (commit)
      from  22b3f72ed6ee2676f791fbd4e3a060cfcf1cb71a (commit)


- Log -----------------------------------------------------------------
commit c6a0cb82bf0772722617a9d1e8c30523452fc52c
Author: Jiasheng Jiang <jiasheng at iscas.ac.cn>
Date:   Wed Feb 16 11:27:23 2022 +0800

    apps/s_server: Add missing check for BIO_new
    
    As the potential failure of the BIO_new(), it should be better to check the return value and return error if fails in order to avoid the dereference of NULL pointer.
    And because 'bio_s_msg' is checked before being used everytime, which has no need to add the check.
    But 'bio_s_out' is not.
    And since the check 'if (bio_s_out == NULL)' is redundant, it can be removed to make the code succincter.
    Also the 'sbio' and so forth should be checked like the other places in the same file.
    
    Signed-off-by: Jiasheng Jiang <jiasheng at iscas.ac.cn>
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17710)
    
    (cherry picked from commit ba0b60c632ae9c5590b59184281baaf0a39f0c24)

-----------------------------------------------------------------------

Summary of changes:
 apps/s_server.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 50 insertions(+), 4 deletions(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index 864a15f69b..5ab58aebfa 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1804,10 +1804,13 @@ int s_server_main(int argc, char *argv[])
             if (s_msg && bio_s_msg == NULL)
                 bio_s_msg = dup_bio_out(FORMAT_TEXT);
         } else {
-            if (bio_s_out == NULL)
-                bio_s_out = dup_bio_out(FORMAT_TEXT);
+            bio_s_out = dup_bio_out(FORMAT_TEXT);
         }
     }
+
+    if (bio_s_out == NULL)
+        goto end;
+
     if (nocert) {
         s_cert_file = NULL;
         s_key_file = NULL;
@@ -2345,6 +2348,11 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
         else
 # endif
             sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+        if (sbio == NULL) {
+            BIO_printf(bio_err, "Unable to create BIO\n");
+            ERR_print_errors(bio_err);
+            goto err;
+        }
 
         if (enable_timeouts) {
             timeout.tv_sec = 0;
@@ -2394,6 +2402,13 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
         BIO *test;
 
         test = BIO_new(BIO_f_nbio_test());
+        if (test == NULL) {
+            BIO_printf(bio_err, "Unable to create BIO\n");
+            ret = -1;
+            BIO_free(sbio);
+            goto err;
+        }
+
         sbio = BIO_push(test, sbio);
     }
 
@@ -2979,6 +2994,9 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
     int width;
     fd_set readfds;
     const char *opmode;
+#ifdef CHARSET_EBCDIC
+    BIO *filter;
+#endif
 
     /* Set width for a select call if needed */
     width = s + 1;
@@ -3018,10 +3036,21 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
     }
 
     sbio = BIO_new_socket(s, BIO_NOCLOSE);
+    if (sbio == NULL) {
+        SSL_free(con);
+        goto err;
+    }
+
     if (s_nbio_test) {
         BIO *test;
 
         test = BIO_new(BIO_f_nbio_test());
+        if (test == NULL) {
+            SSL_free(con);
+            BIO_free(sbio);
+            goto err;
+        }
+
         sbio = BIO_push(test, sbio);
     }
     SSL_set_bio(con, sbio, sbio);
@@ -3032,7 +3061,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
     BIO_push(io, ssl_bio);
     ssl_bio = NULL;
 #ifdef CHARSET_EBCDIC
-    io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
+    filter = BIO_new(BIO_f_ebcdic_filter());
+    if (filter == NULL)
+        goto err;
+
+    io = BIO_push(filter, io);
 #endif
 
     if (s_debug) {
@@ -3403,6 +3436,9 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
     int ret = 1;
     SSL *con;
     BIO *io, *ssl_bio, *sbio;
+#ifdef CHARSET_EBCDIC
+    BIO *filter;
+#endif
 
     /* as we use BIO_gets(), and it always null terminates data, we need
      * to allocate 1 byte longer buffer to fit the full 2^14 byte record */
@@ -3432,6 +3468,12 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
     }
 
     sbio = BIO_new_socket(s, BIO_NOCLOSE);
+    if (sbio == NULL) {
+        SSL_free(con);
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
     SSL_set_bio(con, sbio, sbio);
     SSL_set_accept_state(con);
 
@@ -3440,7 +3482,11 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
     BIO_push(io, ssl_bio);
     ssl_bio = NULL;
 #ifdef CHARSET_EBCDIC
-    io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
+    filter = BIO_new(BIO_f_ebcdic_filter());
+    if (filter == NULL)
+        goto err;
+
+    io = BIO_push(filter, io);
 #endif
 
     if (s_debug) {

More information about the openssl-commits mailing list