Commit a03f81f4 authored by Rich Salz's avatar Rich Salz
Browse files

Fix NULL-return checks in 1.0.2 



RT4386: Add sanity checks for BN_new()
RT4384: Missing Sanity Checks for RSA_new_method()
RT4384: Missing Sanity Check plus potential NULL pointer deref
RT4382: Missing Sanity Check(s) for BUF_strdup()
RT4380: Missing Sanity Checks for EVP_PKEY_new()
RT4377: Prevent potential NULL pointer dereference
RT4375: Missing sanity checks for OPENSSL_malloc()
RT4374: Potential for NULL pointer dereferences
RT4371: Missing Sanity Check for malloc()
RT4370: Potential for NULL pointer dereferences

Also expand tabs, make update, typo fix (rsalz)
Minor tweak by Paul Dale.
Some minor internal review feedback.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent 66e70832

apps/apps.c

+2 −1
Original line number Diff line number Diff line
@@ -215,7 +215,8 @@ int args_from_file(char *file, int *argc, char **argv[]) 
    if (arg != NULL)

        OPENSSL_free(arg);

    arg = (char **)OPENSSL_malloc(sizeof(char *) * (i * 2));



    if (arg == NULL)

        return 0;

    *argv = arg;

    num = 0;

    p = buf;

apps/ca.c

+8 −12
Original line number Diff line number Diff line
@@ -2103,25 +2103,21 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, 
        goto err;



    /* We now just add it to the database */

    row[DB_type] = (char *)OPENSSL_malloc(2);



    tm = X509_get_notAfter(ret);

    row[DB_exp_date] = (char *)OPENSSL_malloc(tm->length + 1);

    memcpy(row[DB_exp_date], tm->data, tm->length);

    row[DB_exp_date][tm->length] = '\0';



    row[DB_rev_date] = NULL;



    /* row[DB_serial] done already */

    row[DB_file] = (char *)OPENSSL_malloc(8);

    row[DB_type] = OPENSSL_malloc(2);

    row[DB_exp_date] = OPENSSL_malloc(tm->length + 1);

    row[DB_file] = OPENSSL_malloc(8);

    row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);



    if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||

        (row[DB_file] == NULL) || (row[DB_name] == NULL)) {

        BIO_printf(bio_err, "Memory allocation failure\n");

        goto err;

    }

    BUF_strlcpy(row[DB_file], "unknown", 8);



    memcpy(row[DB_exp_date], tm->data, tm->length);

    row[DB_exp_date][tm->length] = '\0';

    row[DB_rev_date] = '\0';

    strcpy(row[DB_file], "unknown");

    row[DB_type][0] = 'V';

    row[DB_type][1] = '\0';

apps/speed.c

+4 −0
Original line number Diff line number Diff line
@@ -2614,6 +2614,10 @@ static int do_multi(int multi) 
    static char sep[] = ":";



    fds = malloc(multi * sizeof *fds);

    if (fds == NULL) {

        fprintf(stderr, "Out of memory in speed (do_multi)\n");

        exit(1);

    }

    for (n = 0; n < multi; ++n) {

        if (pipe(fd) == -1) {

            fprintf(stderr, "pipe failure\n");

crypto/asn1/asn_mime.c

+2 −0
Original line number Diff line number Diff line
@@ -623,6 +623,8 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) 
                if (bpart)

                    sk_BIO_push(parts, bpart);

                bpart = BIO_new(BIO_s_mem());

                if (bpart == NULL)

                    return 1;

                BIO_set_mem_eof_return(bpart, 0);

            } else if (eol)

                BIO_write(bpart, "\r\n", 2);

crypto/bio/bss_rtcp.c

+2 −0
Original line number Diff line number Diff line
@@ -170,6 +170,8 @@ static int rtcp_new(BIO *bi) 
    bi->num = 0;

    bi->flags = 0;

    bi->ptr = OPENSSL_malloc(sizeof(struct rpc_ctx));

    if (bi->ptr == NULL)

        return (0);

    ctx = (struct rpc_ctx *)bi->ptr;

    ctx->filled = 0;

    ctx->pos = 0;