Commit e5a5e3f3 authored by FdaSilvaYY's avatar FdaSilvaYY Committed by Matt Caswell

Add checks on CRYPTO_set_ex_data return value


Fix possible leak in danetest.c

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent a98810bf
+7 −4
@@ -154,6 +154,7 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr,
static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
{
    dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c));
    int ret = 1;

    if (c == NULL) {
        ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
@@ -173,10 +174,12 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
                                                       dynamic_ex_data_idx))
        == NULL) {
        /* Good, we're the first */
        ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
        ret = ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
        if (ret) {
            *ctx = c;
            c = NULL;
        }
    }
    CRYPTO_THREAD_unlock(global_engine_lock);
    /*
     * If we lost the race to set the context, c is non-NULL and *ctx is the
@@ -185,7 +188,7 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
    if (c)
        sk_OPENSSL_STRING_free(c->dirs);
    OPENSSL_free(c);
    return 1;
    return ret;
}

/*
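Review bot: The comment after `CRYPTO_THREAD_unlock(global_engine_lock)` no longer describes every case in which `c` is non-NULL. With the new `if (ret)` guard, `c` is also kept and freed when `ENGINE_set_ex_data` fails, and in that case `*ctx` is presumably NULL (the lookup just returned NULL) rather than the context of a thread that won the race. I would extend the comment, for example `/* c is non-NULL if we lost the race (*ctx is the winner's context) or if ENGINE_set_ex_data failed (*ctx is NULL, ret is 0) */`. The callers are outside the visible hunks, so it is worth confirming that each one checks the return value before dereferencing `*ctx`. The start of the `if` condition and the rest of the function body also lie outside the hunks shown.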
+5 −3
@@ -74,7 +74,7 @@ static void print_errors(void)

static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
{
    int ret;
    int ret = -1;
    X509_STORE_CTX *store_ctx;
    SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(ssl);
    X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
@@ -85,8 +85,9 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
        return -1;

    if (!X509_STORE_CTX_init(store_ctx, store, cert, chain))
        return 0;
    X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl);
        goto end;
    if (!X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl))
        goto end;

    X509_STORE_CTX_set_default(store_ctx,
            SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
@@ -101,6 +102,7 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)

    SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(store_ctx));
    X509_STORE_CTX_cleanup(store_ctx);
end:
    X509_STORE_CTX_free(store_ctx);

    return (ret);
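Review bot: The two new `goto end` paths skip `SSL_set_verify_result`, so after a failed `X509_STORE_CTX_init` or `X509_STORE_CTX_set_ex_data` the SSL object keeps whatever verify result it held before the call. If any caller inspects `SSL_get_verify_result` instead of the -1 return value, a setup failure could be read as a stale, possibly OK, result. Recording an explicit error before each jump, e.g. `SSL_set_verify_result(ssl, X509_V_ERR_UNSPECIFIED);`, would keep the two signals consistent. An init failure also now returns -1 where it used to return 0, so callers outside these hunks should be checked for code that treats only 0 as failure. Parts of `verify_chain` lie outside the visible hunks.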
+0 −3
@@ -187,11 +187,8 @@
-T CRYPTO_EX_DATA_FUNCS
-T CRYPTO_EX_DATA_IMPL
-T CRYPTO_EX_dup
-T CRYPTO_EX_dup
-T CRYPTO_EX_free
-T CRYPTO_EX_free
-T CRYPTO_EX_new
-T CRYPTO_EX_new
-T CRYPTO_MEM_LEAK_CB
-T CRYPTO_THREADID
-T CRYPTO_dynlock_value