[openssl.org #3083] [PATCH] Adds sanity checking to malloc()/calloc()/alloca() calls in OpenSSL 1.0.1c

2013-06-29 Thread Bill Parker via RT 
Hello All,

I am not sure that the patches below correct any potential
security issue, but use of values returned from calloc()/malloc()
and alloca() without checking for NULL may result in undesirable
behavior in OpenSSL 1.0.1c.  The patches below result in a
clean './config' and 'make' under CentOS 6.3 (64-bit).

In reviewing OpenSSL-1.0.1c, I found two instances where
calloc() is called without a check for a return value of NULL
which indicates failure.  I found these calls in directory
'openssl-1.0.1c/crypto/engine', file 'eng_cryptodev.c'.

The patch to add the necessary checks is below:

--- eng_cryptodev.c.orig2012-12-16 13:41:49.948556585 -0800
+++ eng_cryptodev.c 2012-12-16 13:46:14.780548132 -0800
@@ -1001,11 +1001,19 @@

if (r) {
kop-crk_param[kop-crk_iparams].crp_p = calloc(rlen,
sizeof(char));
+if (kop-crk_param[kop-crk_iparams].crp_p == NULL) {
+printf(cryptodev_asym: Can't allocate memory via
calloc() \n);
+return (ret);
+}
kop-crk_param[kop-crk_iparams].crp_nbits = rlen * 8;
kop-crk_oparams++;
}
if (s) {
kop-crk_param[kop-crk_iparams+1].crp_p = calloc(slen,
sizeof(char));
+if (kop-crk_param[kop-crk_iparams+1].crp_p == NULL) {
+printf(cryptodev_asym: Can't allocate memory via
calloc() \n);
+return (ret);
+}
kop-crk_param[kop-crk_iparams+1].crp_nbits = slen * 8;
kop-crk_oparams++;
}

Here is the object file produced by 'make':

-rw-r--r--. 1 root root  1240 Dec 16 18:14 eng_cryptodev.o
In directory 'openssl-1.0.1c/apps', file 'speed.c', I found an
instance of malloc() without a check for a return value of NULL
indicating failure.  The patch file below adds the check for
the return value from malloc():

--- speed.c.orig2012-12-16 14:08:21.308630505 -0800
+++ speed.c 2012-12-16 14:10:07.472567659 -0800
@@ -2655,6 +2655,11 @@
static char sep[]=:;

fds=malloc(multi*sizeof *fds);
+if (fds == NULL)
+{
+fprintf(stderr, do_multi: unable to allocate memory\n);
+exit(1);
+}
for(n=0 ; n  multi ; ++n)
{
if (pipe(fd) == -1)

Here is the object file produced by 'make':

-rw-r--r--. 1 root root 116096 Dec 16 18:16 speed.o

In directory 'openssl-1.0.1c/crypto/pkcs7', file 'example.c',
I found a number of instances where malloc() was called, but
no check for a return value of NULL was made, indicating
failure.  The patch file below adds the necessary checks
to all malloc() calls which lack such checks:

--- example.c.orig  2012-12-16 14:16:02.150623343 -0800
+++ example.c   2012-12-16 14:20:50.590549277 -0800
@@ -95,6 +95,8 @@
total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);

data=malloc(total);
+if (data == NULL)
+return 0;   /* unable to allocate memory, leave */
p=data;
ASN1_put_object(p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
i2d_ASN1_OCTET_STRING(os1,p);
@@ -147,6 +149,8 @@
if (!asn1_const_Finish(c)) goto err;
*str1=malloc(os1-length+1);
*str2=malloc(os2-length+1);
+if ((*str1 == NULL) || (*str2 == NULL))
+goto err;   /* unable to allocate memory, error */
memcpy(*str1,os1-data,os1-length);
memcpy(*str2,os2-data,os2-length);
(*str1)[os1-length]='\0';
@@ -259,6 +263,8 @@
total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);

data=malloc(total);
+if (data == NULL)
+return 0;   /* unable to allocate memory */
p=data;
ASN1_put_object(p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
i2d_ASN1_OCTET_STRING(os1,p);
@@ -314,6 +320,8 @@
if (!asn1_const_Finish(c)) goto err;
*str1=malloc(os1-length+1);
*str2=malloc(os2-length+1);
+if ((*str1 == NULL) || (*str2 == NULL))
+goto err; /* unable to allocate memory, error   */
memcpy(*str1,os1-data,os1-length);
memcpy(*str2,os2-data,os2-length);
(*str1)[os1-length]='\0';

In directory 'openssl-1.0.1c/crypto', file 'cryptlib.c', I found
an instance of alloca() being called without a return value check
being performed.  A value of NULL being returned would mean
that there is not enough stack space available left to properly
complete the call.  The patch file is below:
--- cryptlib.c.orig 2012-12-16 16:37:54.969527776 -0800
+++ cryptlib.c  2012-12-16 16:38:59.718553187 -0800
@@ -811,6 +811,7 @@
 if (len512) return -1;/* paranoia */
 len++,len=~1; /* paranoia */
 name=(WCHAR *)alloca(len+sizeof(WCHAR));
+if (name ==

[openssl-dev] [openssl.org #4402] [PATCH] Missing Sanity Check for BN_new in 'apps/prime.c' for OpenSSL-1.1 pre4

2016-03-09 Thread Bill Parker via RT 
Hello All,

In reviewing code in directory 'apps', file 'prime.c', there is a
call to BN_new() which is not checked for a return value of NULL,
indicating failure.  The patch file below should address/correct this
issue:

--- prime.c.orig2016-03-08 16:13:24.841500061 -0800
+++ prime.c 2016-03-08 16:15:33.587863062 -0800
@@ -122,6 +122,10 @@
 goto end;
 }
 bn = BN_new();
+   if (bn == NULL) {
+   BIO_printf(bio_err, "Out of memory\n");
+   goto end;
+   }
 BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL);
 s = hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
 BIO_printf(bio_out, "%s\n", s);


===

Bill Parker (wp02855 at gmail dot com)

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4402
Please log in as guest with password guest if prompted



prime.c.patch
Description: Binary data
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4404] [PATCH] Missing Sanity Check for OPENSSL_strdup() in OpenSSL-1.1 pre-4

2016-03-09 Thread Bill Parker via RT 
Hello All,

In reviewing code in directory 'crypto/conf', file 'conf_mod.c',
there is a call to OPENSSL_strdup() which is not checked for a
return value of NULL, indicating failure.

The patch file below adds the test, and releases the previously allocated
memory assigned to 'tmod':

--- conf_mod.c.orig 2016-03-08 18:05:52.017031376 -0800
+++ conf_mod.c  2016-03-08 18:08:22.865203402 -0800
@@ -284,6 +284,10 @@

 tmod->dso = dso;
 tmod->name = OPENSSL_strdup(name);
+if (tmod->name == NULL) {
+   OPENSSL_free(tmod);
+   return NULL;
+}
 tmod->init = ifunc;
 tmod->finish = ffunc;

===


Bill Parker (wp02855 at gmail dot com)

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4404
Please log in as guest with password guest if prompted



openssl11-conf_mod.c.patch
Description: Binary data
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4401] [PATCH] plug potential memory leak(s) in OpenSSL 1.1 pre 4 in 'ec_lib.c'

2016-03-09 Thread Bill Parker via RT 
Geez,

What did I start here (egad) :)

Bill

On Wed, Mar 9, 2016 at 5:03 AM, Salz, Rich via RT  wrote:

> > No, you got that right, NULL being 'safe' to free varies with OS.
>
> Except we mandate ANSI C which means it's portable :)
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4401
> Please log in as guest with password guest if prompted
>
>

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4401
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4403] [PATCH] prevent OPENSSL_realloc() from clobbering old pointer value on failure in OpenSSL-1.1 pre-4

2016-03-09 Thread Bill Parker via RT 
Hello All,

In reviewing code in directory 'crypto/modes', file 'ocb128.c', there is a
call to OPENSSL_realloc() which has the potential to clobber the old value
of
variable 'ctx->l', if the call returns NULL.

The patch file below uses a void *tmp_ptr to prevent this from occuring:

--- ocb128.c.orig   2016-03-08 16:29:47.856436204 -0800
+++ ocb128.c2016-03-08 16:31:51.241117763 -0800
@@ -140,6 +140,7 @@
 static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx)
 {
 size_t l_index = ctx->l_index;
+void *tmp_ptr;

 if (idx <= l_index) {
 return ctx->l + idx;
@@ -157,10 +158,11 @@
  * the index.
  */
 ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3;
-ctx->l =
+tmp_ptr =
 OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK));
-if (ctx->l == NULL)
+if (tmp_ptr == NULL) /* prevent ctx->l from being clobbered */
 return NULL;
+   ctx->l = tmp_ptr;
 }
 while (l_index < idx) {
 ocb_double(ctx->l + l_index, ctx->l + l_index + 1);

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4403
Please log in as guest with password guest if prompted



ocb128.c.patch
Description: Binary data
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4401] [PATCH] plug potential memory leak(s) in OpenSSL 1.1 pre 4 in 'ec_lib.c'

2016-03-08 Thread Bill Parker via RT 
I must be brain dead today, since free'ing something that is already NULL
is not a problem (geez)...

Heh

On Tue, Mar 8, 2016 at 12:01 PM, Salz, Rich via RT  wrote:

>
> > +   if (dest->mont_data != NULL)
> > +   BN_MONT_CTX_free(dest->mont_data);
>
> Free routines don't need to check for non-NULL.
>
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4401
> Please log in as guest with password guest if prompted
>
>

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4401
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4400] [PATCH] plug potential memory leak in OpenSSL 1.1 pre 4

2016-03-08 Thread Bill Parker via RT 
Hello All,

In reviewing source code in directory 'crypto/ocsp', file 'ocsp_ht.c',
there is a minor flaw in the test logic which could allow a small memory
leak to develop.  The patch file below should address/correct this issue:

--- ocsp_ht.c.orig  2016-03-08 10:24:51.821632969 -0800
+++ ocsp_ht.c   2016-03-08 10:26:32.062373052 -0800
@@ -119,13 +119,18 @@
 rctx->state = OHS_ERROR;
 rctx->max_resp_len = OCSP_MAX_RESP_LENGTH;
 rctx->mem = BIO_new(BIO_s_mem());
+if (rctx->mem == NULL)
+   OCSP_REQ_CTX_free(rctx);
+   return NULL;
+}
 rctx->io = io;
 if (maxline > 0)
 rctx->iobuflen = maxline;
 else
 rctx->iobuflen = OCSP_MAX_LINE_LEN;
 rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
-if (rctx->iobuf == NULL || rctx->mem == NULL) {
+if (rctx->iobuf == NULL) {
+   OCSP_REQ_CTX_free(rctx->mem);
 OCSP_REQ_CTX_free(rctx);
 return NULL;
 }

===

Bill Parker (wp02855 at gmail dot com)

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4400
Please log in as guest with password guest if prompted



ocsp_ht.c.patch
Description: Binary data
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4401] [PATCH] plug potential memory leak(s) in OpenSSL 1.1 pre 4 in 'ec_lib.c'

2016-03-08 Thread Bill Parker via RT 
Hello All,

In reviewing code in directory 'crypto/ec', file 'ec_lib.c'', there
appears to be allocated memory which is not released when a return 0;
is encountered in some cases of OPENSSL_malloc().  The patch file below
should address/correct these minor leaks:

--- ec_lib.c.orig   2016-03-08 10:46:45.885643748 -0800
+++ ec_lib.c2016-03-08 10:53:51.196698596 -0800
@@ -231,8 +231,11 @@
 if (src->generator != NULL) {
 if (dest->generator == NULL) {
 dest->generator = EC_POINT_new(dest);
-if (dest->generator == NULL)
+if (dest->generator == NULL) {
+   if (dest->mont_data != NULL)
+   BN_MONT_CTX_free(dest->mont_data);
 return 0;
+   }
 }
 if (!EC_POINT_copy(dest->generator, src->generator))
 return 0;
@@ -256,7 +259,11 @@
 if (src->seed) {
 OPENSSL_free(dest->seed);
 dest->seed = OPENSSL_malloc(src->seed_len);
-if (dest->seed == NULL)
+if (dest->seed == NULL) {
+   if (dest->mont_data != NULL)
+   EC_POINT_clear_free(dest->mont_data);
+   if (dest->generator != NULL)
+   EC_POINT_clear_free(dest->generator);
 return 0;
 if (!memcpy(dest->seed, src->seed, src->seed_len))
 return 0;

===

Bill Parker (wp02855 at gmail dot com)

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4401
Please log in as guest with password guest if prompted



ec_lib.c.patch
Description: Binary data
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4372] [PATCH] Missing sanity check for OPENSSL_malloc() in openssl-1.0.2g in th-lock.c

2016-03-02 Thread Bill Parker via RT 
Hello All,

In reviewing code in OpenSSL-1.0.2g, in directory 'crypto/threads', file
'th-lock.c', in function 'CRYPTO_thread_setup', there is a call to
OPENSSL_malloc()
which is not checked for a return value of NULL, indicating failure.

The patch file below should address/correct this issue:

--- th-lock.c.orig  2016-03-01 18:46:39.633840674 -0800
+++ th-lock.c   2016-03-01 18:47:40.408564829 -0800
@@ -177,6 +177,10 @@
 return;
 }
 lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+if (!lock_count) {
+   /* Nothing we can do about this...void function! */
+   return;
+}
 for (i = 0; i < CRYPTO_num_locks(); i++) {
 lock_count[i] = 0;
 # ifdef USE_MUTEX


===

Bill Parker (wp02855 at gmail dot com)

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4372
Please log in as guest with password guest if prompted



th-lock.c.patch
Description: Binary data
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4370] [PATCH] Potential for NULL pointer dereferences in OpenSSL-1.0.2g (CWE-476)

2016-03-02 Thread Bill Parker via RT 
Hello All,

In reviewing source code in directory 'openssl-1.0.2g/apps', in file
'ca.c', there are a few instances where OPENSSL_malloc() is called, but
immediately afterwards a call to memcpy() is made with the return value
from the call, but the check for NULL is made AFTER the memcpy().

However, if the 1st argument to memcpy() is NULL, a segmentation fault/
violation will occur.  The patch file below should address/correct this
issue:

--- ca.c.orig   2016-03-01 18:08:42.795466224 -0800
+++ ca.c2016-03-01 18:13:10.149445540 -0800
@@ -2107,6 +2107,10 @@

 tm = X509_get_notAfter(ret);
 row[DB_exp_date] = (char *)OPENSSL_malloc(tm->length + 1);
+if (row[DB_exp_date] == NULL) {
+   BIO_printf(bio_err, "Memory allocation failure\n");
+   goto err;
+}
 memcpy(row[DB_exp_date], tm->data, tm->length);
 row[DB_exp_date][tm->length] = '\0';

@@ -2116,7 +2120,7 @@
 row[DB_file] = (char *)OPENSSL_malloc(8);
 row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);

-if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+if ((row[DB_type] == NULL) ||
 (row[DB_file] == NULL) || (row[DB_name] == NULL)) {
 BIO_printf(bio_err, "Memory allocation failure\n");
 goto err;
@@ -2375,6 +2379,10 @@

 tm = X509_get_notAfter(x509);
 row[DB_exp_date] = (char *)OPENSSL_malloc(tm->length + 1);
+   if (row[DB_exp_date] == NULL) {
+   BIO_printf(bio_err, "Memory allocation failure\n");
+   goto err;
+   }
 memcpy(row[DB_exp_date], tm->data, tm->length);
 row[DB_exp_date][tm->length] = '\0';

@@ -2385,8 +2393,7 @@

 /* row[DB_name] done already */

-if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
-(row[DB_file] == NULL)) {
+if ((row[DB_type] == NULL) || (row[DB_file] == NULL)) {
 BIO_printf(bio_err, "Memory allocation failure\n");
 goto err;
 }

===

In directory 'openssl-1.0.2g/crypto/engine', file 'eng_cryptodev.c',
there is a call to OPENSSL_malloc() in function 'cryptodev_digest_copy()'
where the return value is not checked for NULL, but immediately afterwards
the statement:

memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);

is processed, but if dstate->mac_data is NULL, this will cause a
segmentation
fault/violation.

The patch file below should address/correct this issue:

--- eng_cryptodev.c.orig2016-03-01 19:31:03.315380900 -0800
+++ eng_cryptodev.c 2016-03-01 19:32:43.154069884 -0800
@@ -937,6 +937,10 @@
 if (fstate->mac_len != 0) {
 if (fstate->mac_data != NULL) {
 dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+   if (dstate->mac_data == NULL) {
+   printf("cryptodev_digest_init: Memory allocation failed\n");
+   return (0);
+   }
 memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
 dstate->mac_len = fstate->mac_len;
 }


===

In directory 'openssl-1.0.2g/crypto/x509v3', in file 'v3_alt.c', there
is a call to OPENSSL_malloc() which is not checked for a return value
of NULL, indicating failure in function 'static int do_othername()',
but immediately afterwards the statement:

strncpy(objtmp, value, objlen);

is processed, but if 'objtmp' is NULL, this will generate a segmentation
fault/violation:

The patch file below should address/correct this issue:

--- v3_alt.c.orig   2016-03-01 19:51:02.114742135 -0800
+++ v3_alt.c2016-03-01 19:51:52.816186027 -0800
@@ -573,6 +573,8 @@
 return 0;
 objlen = p - value;
 objtmp = OPENSSL_malloc(objlen + 1);
+if (objtmp == NULL)
+   return 0;
 strncpy(objtmp, value, objlen);
 objtmp[objlen] = 0;
 gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);

===

In directory 'openssl-1.0.2g/crypto/ui', in file 'ui_lib.c', there
is a call to OPENSSL_malloc() which is not checked for a return value
of NULL, indicating failure, but immediately afterwards the statement:

BUF_strlcpy(prompt, prompt1, len + 1);

is processed, but if 'prompt' is NULL, this will generate a segmentation
fault/violation:

The patch file below should address/correct this issue:

--- ui_lib.c.orig   2015-09-12 09:05:14.19300 -0700
+++ ui_lib.c2015-09-12 09:56:53.32800 -0700
@@ -413,6 +413,9 @@
 len += sizeof(prompt3) - 1;

 prompt = (char *)OPENSSL_malloc(len + 1);
+   if (prompt == NULL) {
+   return NULL;
+   }
 BUF_strlcpy(prompt, prompt1, len + 1);
 BUF_strlcat(prompt, object_desc, len + 1);
 if (object_name) {

===

-- 
Ticket here:

[openssl-dev] [openssl.org #4380] [PATCH] Missing Sanity Checks for EVP_PKEY_new() in OpenSSL-1.0.2g

2016-03-05 Thread Bill Parker via RT 
Hello All,

In reviewing code in directory 'crypto/evp', file 'pmeth_gn.c', in
function 'EVP_PKEY_keygen()', there is a call to EVP_PKEY_new() which
is not checked for a return value of NULL, indicating failure.

This test is done in function 'EVP_PKEY_paramgen()', but looks like it
was left out in function 'EVP_PKEY_keygen()' it would appear.

The patch file below should address/correct this issue:

--- pmeth_gn.c.orig 2016-03-05 06:15:29.530259070 -0800
+++ pmeth_gn.c  2016-03-05 06:18:17.940663167 -0800
@@ -152,6 +152,11 @@
 if (!*ppkey)
 *ppkey = EVP_PKEY_new();

+if (*ppkey == NULL) {
+   EVPerr(EVP_F_EVP_PKEY_PARAMGEN, ERR_R_MALLOC_FAILURE);
+   return -1;
+}
+
 ret = ctx->pmeth->keygen(ctx, *ppkey);
 if (ret <= 0) {
 EVP_PKEY_free(*ppkey);

===

In directory 'engines/ccgost', file 'gost94_keyx.c', there is a
call to 'EVP_PKEY_new()' which are not checked for a return value of
NULL, indicating failure.

The patch file below should address/correct this issue:

--- gost94_keyx.c.orig  2016-03-05 06:25:00.168784292 -0800
+++ gost94_keyx.c   2016-03-05 06:27:47.325028991 -0800
@@ -126,6 +126,8 @@
 key_is_ephemeral = 1;
 if (out) {
 mykey = EVP_PKEY_new();
+   if (!mykey)
+   goto memerr;
 EVP_PKEY_assign(mykey, EVP_PKEY_base_id(pubk), DSA_new());
 EVP_PKEY_copy_parameters(mykey, pubk);
 if (!gost_sign_keygen(EVP_PKEY_get0(mykey))) {

===

In directory 'engines/ccgost', file 'gost2001_keyx.c', there is a
call to 'EVP_PKEY_new()' which are not checked for a return value of
NULL, indicating failure.

The patch file below should address/correct this issue:

--- gost2001_keyx.c.orig2016-03-05 06:29:48.056373325 -0800
+++ gost2001_keyx.c 2016-03-05 06:30:23.400865428 -0800
@@ -147,6 +147,8 @@
 key_is_ephemeral = 1;
 if (out) {
 sec_key = EVP_PKEY_new();
+   if (!sec_key)
+   goto memerr;
 EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new());
 EVP_PKEY_copy_parameters(sec_key, pubk);
 if (!gost2001_keygen(EVP_PKEY_get0(sec_key))) {


===

Bill Parker (wp02855 at gmail dot com)

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4380
Please log in as guest with password guest if prompted



pmeth_gn.c.patch
Description: Binary data


gost94_keyx.c.patch
Description: Binary data


gost2001_keyx.c.patch
Description: Binary data
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4371] [PATCH] Missing Sanity Check for malloc() in openssl-1.0.2g for 'apps/speed.c'

2016-03-02 Thread Bill Parker via RT 
Hello All,

In reviewing source code for OpenSSL-1.0.2g, it would appear in file
'apps/speed.c', in function 'static int do_multi()', a call to malloc()
is made without being tested for a return value of NULL, indicating failure.

The patch file below should address/correct this issue:

--- speed.c.orig2016-03-01 18:19:44.213529059 -0800
+++ speed.c 2016-03-01 18:21:24.822315918 -0800
@@ -2614,6 +2614,10 @@
 static char sep[] = ":";

 fds = malloc(multi * sizeof *fds);
+if (fds == NULL) {
+   fprintf(stderr, "out of memory\n");
+   exit(1);
+}
 for (n = 0; n < multi; ++n) {
 if (pipe(fd) == -1) {
 fprintf(stderr, "pipe failure\n");

Should the call to malloc() be changed to OPENSSL_malloc() as well?

Bill Parker (wp02855 at gmail dot com)

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4371
Please log in as guest with password guest if prompted



speed.c.patch
Description: Binary data
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4374] [PATCH] Potential for NULL pointer dereferences in OpenSSL-1.0.2g (CWE-476)

2016-03-03 Thread Bill Parker via RT 
Hello All,

In reviewing source code in directory 'openssl-1.0.2g/crypto/evp',
in file 'openbsd_hw.c', there are a few instances where OPENSSL_malloc()
is called, but immediately afterwards a call to memcpy() is made with
the return value from the call to OPENSSL_malloc(), but no check for
a return value of NULL is made after OPENSSL_malloc() returns.

However, if the 1st argument to memcpy() is NULL, a segmentation fault/
violation will occur.  The patch file below should address/correct this
issue:

--- openbsd_hw.c.orig   2016-03-02 15:36:57.236927351 -0800
+++ openbsd_hw.c2016-03-02 15:40:29.525908189 -0800
@@ -133,6 +133,10 @@
 return 0;

 CDATA(ctx)->key = OPENSSL_malloc(MAX_HW_KEY);
+if (CDATA(ctx)->key == NULL {
+   err("CDATA(ctx)->key memory allocation failed");
+   return 0;
+}

 assert(ctx->cipher->iv_len <= MAX_HW_IV);

@@ -186,6 +190,11 @@

 if (((unsigned long)in & 3) || cinl != inl) {
 cin = OPENSSL_malloc(cinl);
+   if (cin == NULL) {
+   err("cin - memory allocation failed");
+   abort();
+   return 0;
+   }
 memcpy(cin, in, inl);
 cryp.src = cin;
 }
@@ -334,6 +343,11 @@
 char *dcopy;

 dcopy = OPENSSL_malloc(len);
+   if (dcopy == NULL) {
+   err("dcopy - memory allocation failed");
+   abort();
+   return 0;
+   }
 memcpy(dcopy, data, len);
 cryp.src = dcopy;
 cryp.dst = cryp.src; // FIXME!!!
@@ -397,6 +411,10 @@
 assert(from->digest->flags & EVP_MD_FLAG_ONESHOT);

 to_md->data = OPENSSL_malloc(from_md->len);
+if (to_md->data == NULL) {
+   err("DEV_CRYPTO_MD5_COPY: unable to allocate memory");
+   return 0;
+}
 memcpy(to_md->data, from_md->data, from_md->len);

 return 1;

===

Hello All,

In reviewing source code in directory 'engines/ccgost', in file
'gost_ameth.c', there are a few instances where OPENSSL_malloc()
is called, but no check for a return value of NULL is made.  However,
immediately afterwards statments which access the allocated memory
are used (array access/memset(), etc) which will result in a segmentation
fault/violation occuring if NULL is returned from the OPENSSL_malloc()
call.

The patch file below should address/correct this issue:

--- gost_ameth.c.orig   2016-03-02 16:43:36.014151374 -0800
+++ gost_ameth.c2016-03-02 16:45:59.978448496 -0800
@@ -617,6 +617,10 @@
 return 0;
 }
 databuf = OPENSSL_malloc(octet->length);
+if (!databuf) {
+   GOSTerr(GOST_F_PUB_DECODE_GOST94, ERR_R_MALLOC_FAILURE);
+   return 0;
+}
 for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) {
 databuf[j] = octet->data[i];
 }
@@ -646,6 +650,8 @@
 }
 data_len = BN_num_bytes(dsa->pub_key);
 databuf = OPENSSL_malloc(data_len);
+if (!databuf)
+   return 0;
 BN_bn2bin(dsa->pub_key, databuf);
 octet = ASN1_OCTET_STRING_new();
 ASN1_STRING_set(octet, NULL, data_len);
@@ -686,6 +692,10 @@
 return 0;
 }
 databuf = OPENSSL_malloc(octet->length);
+if (!databuf) {
+   GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
+   return 0;
+}
 for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) {
 databuf[j] = octet->data[i];
 }
@@ -760,6 +770,10 @@
 data_len = 2 * BN_num_bytes(order);
 BN_free(order);
 databuf = OPENSSL_malloc(data_len);
+if (!databuf) {
+   GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
+   return 0;
+}
 memset(databuf, 0, data_len);

 store_bignum(X, databuf + data_len / 2, data_len / 2);

===

Hello All,

In reviewing source code in directory 'engines/ccgost', in file
'gost_pmeth.c', there are a few instances where OPENSSL_malloc()
is called, but no check for a return value of NULL is made.  However,
immediately afterwards statments which access the allocated memory
are used (memcpy()/memset(), etc) which will result in a segmentation
fault/violation occuring if NULL is returned from the OPENSSL_malloc()
call.

The patch file below should address/correct this issue:

--- gost_pmeth.c.orig   2016-03-02 17:24:49.503519153 -0800
+++ gost_pmeth.c2016-03-02 17:27:27.179558967 -0800
@@ -107,6 +107,8 @@
 return 1;
 case EVP_PKEY_CTRL_SET_IV:
 pctx->shared_ukm = OPENSSL_malloc((int)p1);
+   if (!pctx->shared_ukm)
+   return 0;
 memcpy(pctx->shared_ukm, p2, (int)p1);
 return 1;
 case EVP_PKEY_CTRL_PEER_KEY:
@@ -533,6 +535,8 @@
 return 0;
 }
 keydata = OPENSSL_malloc(32);
+if (!keydata)
+   return 0;
 memcpy(keydata, data->key, 32);

[openssl-dev] [openssl.org #4375] [PATCH] Missing Sanity Checks for OPENSSL_malloc() in OpenSSL-1.0.2g

2016-03-03 Thread Bill Parker via RT 
Hello All,

In reviewing code in OpenSSL-1.0.2g, in directory 'ssl', file
'ssl_ciph.c', in function ''SSL_COMP_add_compression_method()'',
there is a call to OPENSSL_malloc() which is not checked for a
return value of NULL, indicating failure.

The patch file below should address/correct this issue:

--- ssl_ciph.c.orig 2016-03-02 17:39:01.677826126 -0800
+++ ssl_ciph.c  2016-03-02 17:40:51.942840242 -0800
@@ -1996,6 +1996,8 @@

 MemCheck_off();
 comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+if (comp == NULL)
+   return 1;
 comp->id = id;
 comp->method = cm;
 load_builtin_compressions();

===

Hello All,

In reviewing code in OpenSSL-1.0.2g, in directory 'crypto/bio', file
'bss_rtcp.c', in function 'rtcp_new()', there is a call to
OPENSSL_malloc() which is not checked for a return value of NULL,
indicating failure.

The patch file below should address/correct this issue:

--- bss_rtcp.c.orig 2016-03-02 15:25:08.307826108 -0800
+++ bss_rtcp.c  2016-03-02 15:25:47.326785217 -0800
@@ -170,6 +170,8 @@
 bi->num = 0;
 bi->flags = 0;
 bi->ptr = OPENSSL_malloc(sizeof(struct rpc_ctx));
+if (bi->ptr == NULL)
+   return (0);
 ctx = (struct rpc_ctx *)bi->ptr;
 ctx->filled = 0;
 ctx->pos = 0;

===

Hello All,

In reviewing code in OpenSSL-1.0.2g, in directory 'apps', file
'apps.c', in function 'args_from_file()', there is a call to
OPENSSL_malloc() which is not checked for a return value of NULL,
indicating failure.

The patch file below should address/correct this issue:

--- apps.c.orig 2016-03-02 15:27:24.293109138 -0800
+++ apps.c  2016-03-02 15:27:48.108135906 -0800
@@ -215,7 +215,8 @@
 if (arg != NULL)
 OPENSSL_free(arg);
 arg = (char **)OPENSSL_malloc(sizeof(char *) * (i * 2));
-
+if (arg == NULL)
+   return (0);
 *argv = arg;
 num = 0;
 p = buf;

===

Hello All,

In reviewing code in OpenSSL-1.0.2g, in directory 'crypto/x509', file
'by_dir.c', in function 'get_cert_by_subject()', there is a call to
OPENSSL_malloc() which is not checked for a return value of NULL,
indicating failure.

The patch file below should address/correct this issue:

--- by_dir.c.orig   2016-03-02 15:29:32.361385958 -0800
+++ by_dir.c2016-03-02 15:30:04.762503973 -0800
@@ -401,6 +401,10 @@
 }
 if (!hent) {
 hent = OPENSSL_malloc(sizeof(BY_DIR_HASH));
+   if (hent == NULL) {
+   X509err(X509_F_GET_CERT_BY_SUBJECT,
ERR_R_MALLOC_FAILURE);
+   goto finish;
+   }
 hent->hash = h;
 hent->suffix = k;
 if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) {

===

Hello All,

In reviewing code in OpenSSL-1.0.2g, in directory 'engines', file
'e_capi.c', in function 'capi_get_provname()', there is a call to
OPENSSL_malloc() or alloca() which is not checked for a return value
of NULL, indicating failure.

In function 'capi_cert_get_fname()', there is a call to OPENSSL_malloc()
which is not checked for a return value of NULL, indicating failure.

In function '*capi_get_key()', there is a call to OPENSSL_malloc()
which is not checked for a return value of NULL, indicating failure.

The patch file below should address/correct this issue:

--- e_capi.c.orig   2016-03-02 15:31:15.011432251 -0800
+++ e_capi.c2016-03-02 15:35:24.264110984 -0800
@@ -1106,6 +1106,10 @@
 name = alloca(len);
 else
 name = OPENSSL_malloc(len);
+if (name == NULL) {
+   CAPIerr(CAPI_F_CAPI_GET_PROVNAME, ERR_R_MALLOC_FAILURE);
+   return 0;
+}
 if (!CryptEnumProviders(idx, NULL, 0, ptype, name, )) {
 err = GetLastError();
 if (err == ERROR_NO_MORE_ITEMS)
@@ -1286,6 +1290,10 @@
 (cert, CERT_FRIENDLY_NAME_PROP_ID, NULL, ))
 return NULL;
 wfname = OPENSSL_malloc(dlen);
+if (wfname == NULL) {
+   CAPIerr(CAPI_F_CAPI_CERT_GET_FNAME, ERR_R_MALLOC_FAILURE);
+   return NULL;
+}
 if (CertGetCertificateContextProperty
 (cert, CERT_FRIENDLY_NAME_PROP_ID, wfname, )) {
 char *fname = wide_to_asc(wfname);
@@ -1436,6 +1444,11 @@
 CAPI_KEY *key;
 DWORD dwFlags = 0;
 key = OPENSSL_malloc(sizeof(CAPI_KEY));
+if (key == NULL) {
+   CAPIerr(CAPI_F_CAPI_GET_KEY, ERR_R_MALLOC_FAILURE);
+   capi_addlasterror();
+   goto err;
+}
 if (sizeof(TCHAR) == sizeof(char))
 CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s,
type=%d\n",
contname, provname, ptype);
===

Hello All,

In reviewing code in OpenSSL-1.0.2g, in directory

[openssl-dev] [openssl.org #4381] [PATCH] Missing Sanity Check for OBJ_nid2obj() in OpenSSL-1.0.2g

2016-03-07 Thread Bill Parker via RT 
In reviewing code in directory 'crypto/asn1', file 'asn_moid.c', in
function 'do_create()', there is a call to 'OBJ_nid2obj()' which is
not checked for a return value of NULL.

The patch file below adds the check and returns 0 if NULL is returned:

--- asn_moid.c.orig 2016-03-06 17:09:03.019903938 -0800
+++ asn_moid.c  2016-03-06 17:09:41.778829998 -0800
@@ -146,6 +146,8 @@
 memcpy(lntmp, ln, p - ln);
 lntmp[p - ln] = 0;
 oid = OBJ_nid2obj(nid);
+   if (oid == NULL)
+   return 0;
 oid->ln = lntmp;
 }


===

In reviewing code in directory 'crypto/asn1', file 'p5_pbev2.c', in
function 'PKCS5_pbe2_set_iv()' and 'PKCS5_pbkdf2_set(), there are calls
to 'OBJ_nid2obj()' which is not checked for a return value of NULL.

The patch file below adds the check and goes to merr: if NULL is returned:

--- p5_pbev2.c.orig 2016-03-06 17:21:56.612223544 -0800
+++ p5_pbev2.c  2016-03-06 17:23:25.049463462 -0800
@@ -105,6 +105,8 @@
 goto err;
 }
 obj = OBJ_nid2obj(alg_nid);
+if (obj == NULL)
+   goto merr;

 if (!(pbe2 = PBE2PARAM_new()))
 goto merr;
@@ -169,6 +171,8 @@
 goto merr;

 ret->algorithm = OBJ_nid2obj(NID_pbes2);
+if (ret->algorithm == NULL)
+   goto merr;

 /* Encode PBE2PARAM into parameter */

@@ -258,6 +262,8 @@
 goto merr;

 keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+if (!keyfunc->algorithm)
+   goto merr;

 /* Encode PBKDF2PARAM into parameter of pbe2 */


===

In reviewing code in directory 'crypto/asn1', file 'x_attrib.c', in
function 'X509_ATTRIBUTE_create()' there is a call to 'OBJ_nid2obj()'
which is not checked for a return value of NULL.

The patch file below adds the check and goes to err: if NULL is returned:

--- x_attrib.c.orig 2016-03-06 17:35:12.565385098 -0800
+++ x_attrib.c  2016-03-06 17:37:35.383536550 -0800
@@ -105,6 +105,8 @@
 if ((ret = X509_ATTRIBUTE_new()) == NULL)
 return (NULL);
 ret->object = OBJ_nid2obj(nid);
+if (ret->object == NULL)
+   goto err;
 ret->single = 0;
 if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL)
 goto err;

===

In reviewing code in directory 'crypto/asn1', file 'tasn_new.c', in
function 'ASN1_primitive_new()' there is a call to 'OBJ_nid2obj()'
which is not checked for a return value of NULL.

The patch file below adds the check and returns 0 if NULL is returned:

--- tasn_new.c.orig 2016-03-06 17:39:25.320508974 -0800
+++ tasn_new.c  2016-03-06 17:40:31.614934655 -0800
@@ -328,6 +328,8 @@
 switch (utype) {
 case V_ASN1_OBJECT:
 *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
+   if (!pval)
+   return 0;
 return 1;

 case V_ASN1_BOOLEAN:

===

Bill Parker (wp02855 at gmail dot com)

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4381
Please log in as guest with password guest if prompted



asn_moid.c.patch
Description: Binary data


p5_pbev2.c.patch
Description: Binary data


x_attrib.c.patch
Description: Binary data


tasn_new.c.patch
Description: Binary data
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4384] [PATCH] Missing Sanity Check plus potential NULL pointer deref (CWE-476)

2016-03-07 Thread Bill Parker via RT 
Hello All,

In reviewing code in directory 'engines', file 'e_aep.c', there is a
call to function 'bn_expand()', but it is not checked for a return
value of NULL.  However, a member of the variable 'bn' (bn->d) are used in
memset()/memcpy() calls, but if 'bn' is NULL, a segmentation fault/violation
will occur.

The patch file below checks for a NULL return from 'bn_expand()', but
I was not sure what should be returned from here (so I kludged something
to fit):

--- e_aep.c.orig2016-03-06 10:47:23.113646348 -0800
+++ e_aep.c 2016-03-06 10:52:27.991394742 -0800
@@ -1137,7 +1137,9 @@
 /*
  * Expand the result bn so that it can hold our big num. Size is in
bits
  */
-bn_expand(bn, (int)(BigNumSize << 3));
+if (!bn_expand(bn, (int)(BigNumSize << 3)) == NULL)
+   /* what should we do here, a new error code, etc? */
+   return 117; /*  bn_expand could return NULL, could it not? */

 #  ifdef SIXTY_FOUR_BIT_LONG
 bn->top = BigNumSize >> 3;

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4384
Please log in as guest with password guest if prompted



e_aep.c.patch
Description: Binary data
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4382] [PATCH] Missing Sanity Check(s) for BUF_strdup() in OpenSSL-1.0.2g

2016-03-07 Thread Bill Parker via RT 
Hello All,

In reviewing source code in directory 'crypto/conf', file 'conf_mod.c',
there is a call to BUF_strdup() in function 'module_add()' which is not
checked for a return value of NULL, indicating failure.

The patch file below adds the check and calls OPENSSL_free(tmod) to
release the previous allocation by OPENSSL_malloc():

--- conf_mod.c.orig 2016-03-06 05:46:50.424008381 -0800
+++ conf_mod.c  2016-03-06 05:47:49.031457086 -0800
@@ -288,6 +288,10 @@

 tmod->dso = dso;
 tmod->name = BUF_strdup(name);
+if (!tmod->name) {
+   OPENSSL_free(tmod);
+   return NULL;
+}
 tmod->init = ifunc;
 tmod->finish = ffunc;
 tmod->links = 0;

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4382
Please log in as guest with password guest if prompted



conf_mod.c.patch
Description: Binary data
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4385] [PATCH] Missing Sanity Checks for RSA_new_method() in OpenSSL-1.0.2g

2016-03-07 Thread Bill Parker via RT 
Hello All,

In reviewing source code in directory 'engines', file 'e_4758cca.c',
there are two calls to function 'RSA_new_method()' which are not
checked for a return value of NULL, indicating failure.

The patch file below should address/correct this issue:

--- e_4758cca.c.orig2016-03-06 11:05:42.053315929 -0800
+++ e_4758cca.c 2016-03-06 11:06:54.996586643 -0800
@@ -463,6 +463,10 @@

 (*(long *)keyToken) = keyTokenLength;
 rtmp = RSA_new_method(e);
+if (rtmp == NULL) {
+   CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE);
+   goto err;
+}
 RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);

 rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
@@ -535,6 +539,10 @@

 (*(long *)keyToken) = keyTokenLength;
 rtmp = RSA_new_method(e);
+if (rtmp == NULL) {
+   CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE);
+   goto err;
+}
 RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
 rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
 rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4385
Please log in as guest with password guest if prompted



e_4758cca.c.patch
Description: Binary data
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4386] [PATCH] Add sanity checks for BN_new() in OpenSSL-1.0.2g

2016-03-07 Thread Bill Parker via RT 
Hello All,

In reviewing code in directory 'engines/ccgost', file 'gost2001.c',
there are two calls to BN_new() which are not checked for a return
value of NULL, indicating failure.

The patch file below should address/correct this issue:

--- gost2001.c.orig 2016-03-06 11:32:49.676178425 -0800
+++ gost2001.c  2016-03-06 11:38:04.604204158 -0800
@@ -434,6 +434,10 @@
 int gost2001_keygen(EC_KEY *ec)
 {
 BIGNUM *order = BN_new(), *d = BN_new();
+if (!order || !d) {
+   GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_MALLOC_FAILURE);
+   return 0;
+}
 const EC_GROUP *group = EC_KEY_get0_group(ec);

 if(!group || !EC_GROUP_get_order(group, order, NULL)) {

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4386
Please log in as guest with password guest if prompted



gost2001.c.patch
Description: Binary data
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4383] [PATCH] Add error checking for bn2_expand()/BN_new()/RSA_new_method() in file 'e_chil.c' for OpenSSL-1.0.2g

2016-03-07 Thread Bill Parker via RT 
Hello All,

In reviewing source code in directory 'crypto/engines', file 'e_chil.c'
there are some comments warning to check for error when bn_expand2() or
BN_new() or RSA_new_method() is called.  The patch file below adds the
requested checks to the code:

--- e_chil.c.orig   2016-03-06 06:51:53.783105250 -0800
+++ e_chil.c2016-03-06 11:20:38.533253919 -0800
@@ -810,9 +810,17 @@
 #  endif
 #  ifndef OPENSSL_NO_RSA
 rtmp = RSA_new_method(eng);
+if (!rtmp == NULL) {
+   HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+   goto err;
+}
 RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
 rtmp->e = BN_new();
 rtmp->n = BN_new();
+if (!rtmp->e || !rtmp->n) {
+   HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+   goto err;
+}
 rtmp->flags |= RSA_FLAG_EXT_PKEY;
 MPI2BN(rtmp->e, e);
 MPI2BN(rtmp->n, n);
@@ -823,8 +831,14 @@
 goto err;
 }

-bn_expand2(rtmp->e, e.size / sizeof(BN_ULONG));
-bn_expand2(rtmp->n, n.size / sizeof(BN_ULONG));
+if (bn_expand2(rtmp->e, e.size / sizeof(BN_ULONG)) == NULL) {
+   HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+   goto err;
+}
+if (bn_expand2(rtmp->n, n.size / sizeof(BN_ULONG)) == NULL) {
+   HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+   goto err;
+}
 MPI2BN(rtmp->e, e);
 MPI2BN(rtmp->n, n);

@@ -923,7 +937,10 @@
 goto err;
 }
 /* Prepare the params */
-bn_expand2(r, m->top);  /* Check for error !! */
+if (bn_expand2(r, m->top) == NULL) { /* Check for error !! */
+   HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, ERR_R_MALLOC_FAILURE);
+   goto err;
+}
 BN2MPI(m_a, a);
 BN2MPI(m_p, p);
 BN2MPI(m_n, m);
@@ -989,7 +1006,10 @@
 }

 /* Prepare the params */
-bn_expand2(r, rsa->n->top); /* Check for error !! */
+if (bn_expand2(r, rsa->n->top) == NULL) { /* Check for error !! */
+   HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, ERR_R_MALLOC_FAILURE);
+   goto err;
+   }
 BN2MPI(m_a, I);
 MPI2BN(r, m_r);

@@ -1026,7 +1046,10 @@
 }

 /* Prepare the params */
-bn_expand2(r, rsa->n->top); /* Check for error !! */
+if (bn_expand2(r, rsa->n->top) == NULL) { /* Check for error !! */
+   HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, ERR_R_MALLOC_FAILURE);
+   goto err;
+   }
 BN2MPI(m_a, I);
 BN2MPI(m_p, rsa->p);
 BN2MPI(m_q, rsa->q);

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4383
Please log in as guest with password guest if prompted



e_chil.c.patch
Description: Binary data
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4386] [PATCH] Add sanity checks for BN_new() in OpenSSL-1.0.2g

2016-03-07 Thread Bill Parker via RT 
Dr. Dale,

I actually saw that, but forgot to correct it before sending (my
bad)...:(

Bill

On Mon, Mar 7, 2016 at 1:44 PM, paul.d...@oracle.com via RT <r...@openssl.org>
wrote:

> If one of the allocation calls succeeds and the other fails, the patched
> code will leak memory.
> It needs something along the lines of:
>
> if (order != NULL) BN_clear_free(order);
> if (d != NULL) BN_clear_free(d);
>
> in the failure case code.
>
>
> Pauli
>
> --
> Oracle
> Dr Paul Dale | Cryptographer | Network Security & Encryption
> Phone +61 7 3031 7217
> Oracle Australia
>
> On Mon, 7 Mar 2016 05:55:23 PM Bill Parker via RT wrote:
> > Hello All,
> >
> > In reviewing code in directory 'engines/ccgost', file 'gost2001.c',
> > there are two calls to BN_new() which are not checked for a return
> > value of NULL, indicating failure.
> >
> > The patch file below should address/correct this issue:
> >
> > --- gost2001.c.orig 2016-03-06 11:32:49.676178425 -0800
> > +++ gost2001.c  2016-03-06 11:38:04.604204158 -0800
> > @@ -434,6 +434,10 @@
> >  int gost2001_keygen(EC_KEY *ec)
> >  {
> >  BIGNUM *order = BN_new(), *d = BN_new();
> > +if (!order || !d) {
> > +   GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_MALLOC_FAILURE);
> > +   return 0;
> > +}
> >  const EC_GROUP *group = EC_KEY_get0_group(ec);
> >
> >  if(!group || !EC_GROUP_get_order(group, order, NULL)) {
> >
> >
>
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4386
> Please log in as guest with password guest if prompted
>
>

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4386
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4377] Prevent potential NULL pointer dereference in OpenSSL-1.0.2g (CWE-476)

2016-03-04 Thread Bill Parker via RT 
Hello All,

In reviewing code in directory 'crypto/evp', in file 'openbsd_hw.c',
there is a call to OPENSSL_realloc() which is NOT checked for a return
value of NULL, indicating failure.  However, the statement after this
is memcpy(), which if the destination variable is NULL, will result
in a segmentation fault/violation.

The patch file below should address/correct this issue:

--- openbsd_hw.c.orig   2016-03-02 15:36:57.236927351 -0800
+++ openbsd_hw.c2016-03-03 18:56:58.169567807 -0800
@@ -364,6 +378,10 @@
 return do_digest(md_data->sess.ses, md_data->md, data, len);

 md_data->data = OPENSSL_realloc(md_data->data, md_data->len + len);
+if (md_data->data == NULL) {
+   err("DEV_CRYPTO_MD5_UPDATE: unable to allocate memory");
+   return 0;
+}
 memcpy(md_data->data + md_data->len, data, len);
 md_data->len += len;

===

Bill Parker (wp02855 at gmail dot com)

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4377
Please log in as guest with password guest if prompted



realloc_openbsd_hw.c.patch
Description: Binary data
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev