[patch] libssl malloc check for NULL

Chris Hettrick Sat, 24 May 2014 17:47:23 -0700

Hi tech@

Here are some missing checks for NULL after malloc().


Index: libssl/src/apps/apps.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/apps/apps.c,v
retrieving revision 1.52
diff -u -p -r1.52 apps.c
--- libssl/src/apps/apps.c      23 May 2014 15:55:08 -0000      1.52
+++ libssl/src/apps/apps.c      25 May 2014 00:11:20 -0000
@@ -215,6 +215,8 @@ chopup_args(ARGS *arg, char *buf, int *a
        if (arg->count == 0) {
                arg->count = 20;
                arg->data = (char **)malloc(sizeof(char *) * arg->count);
+               if (arg->data == NULL)
+                       return 0;
        }
        for (i = 0; i < arg->count; i++)
                arg->data[i] = NULL;
Index: libssl/src/apps/dgst.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/apps/dgst.c,v
retrieving revision 1.34
diff -u -p -r1.34 dgst.c
--- libssl/src/apps/dgst.c      23 May 2014 16:10:02 -0000      1.34
+++ libssl/src/apps/dgst.c      25 May 2014 00:11:20 -0000
@@ -401,6 +401,11 @@ mac_end:
                sigbio = BIO_new_file(sigfile, "rb");
                siglen = EVP_PKEY_size(sigkey);
                sigbuf = malloc(siglen);
+               if (sigbuf == NULL) {
+                       BIO_printf(bio_err, "Out of memory\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+               }
                if (!sigbio) {
                        BIO_printf(bio_err, "Error opening signature file %s\n",
                            sigfile);
Index: libssl/src/apps/speed.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/apps/speed.c,v
retrieving revision 1.44
diff -u -p -r1.44 speed.c
--- libssl/src/apps/speed.c     23 May 2014 16:10:02 -0000      1.44
+++ libssl/src/apps/speed.c     25 May 2014 00:11:20 -0000
@@ -2107,6 +2107,10 @@ do_multi(int multi)
        static char sep[] = ":";
 
        fds = malloc(multi * sizeof *fds);
+       if (fds == NULL) {
+               fprintf(stderr, "Out of memory\n");
+               exit(1);
+       }
        for (n = 0; n < multi; ++n) {
                if (pipe(fd) == -1) {
                        fprintf(stderr, "pipe failure\n");
Index: libssl/src/apps/x509.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/apps/x509.c,v
retrieving revision 1.44
diff -u -p -r1.44 x509.c
--- libssl/src/apps/x509.c      23 May 2014 16:10:02 -0000      1.44
+++ libssl/src/apps/x509.c      25 May 2014 00:11:20 -0000
@@ -746,6 +746,11 @@ bad:
 
                                z = i2d_X509(x, NULL);
                                m = malloc(z);
+                               if (m == NULL) {
+                                       BIO_printf(bio_err, "Out of memory\n");
+                                       ERR_print_errors(bio_err);
+                                       goto end;
+                               }
 
                                d = (unsigned char *) m;
                                z = i2d_X509_NAME(X509_get_subject_name(x), &d);
Index: libssl/src/crypto/asn1/bio_ndef.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/crypto/asn1/bio_ndef.c,v
retrieving revision 1.6
diff -u -p -r1.6 bio_ndef.c
--- libssl/src/crypto/asn1/bio_ndef.c   22 May 2014 21:12:15 -0000      1.6
+++ libssl/src/crypto/asn1/bio_ndef.c   25 May 2014 00:11:22 -0000
@@ -164,6 +164,8 @@ ndef_prefix(BIO *b, unsigned char **pbuf
 
        derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
        p = malloc(derlen);
+       if (p == NULL)
+               return 0;
        ndef_aux->derbuf = p;
        *pbuf = p;
        derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
@@ -232,6 +234,8 @@ ndef_suffix(BIO *b, unsigned char **pbuf
 
        derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
        p = malloc(derlen);
+       if (p == NULL)
+               return 0;
        ndef_aux->derbuf = p;
        *pbuf = p;
        derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
Index: libssl/src/crypto/cms/cms_pwri.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/crypto/cms/cms_pwri.c,v
retrieving revision 1.4
diff -u -p -r1.4 cms_pwri.c
--- libssl/src/crypto/cms/cms_pwri.c    24 May 2014 15:55:21 -0000      1.4
+++ libssl/src/crypto/cms/cms_pwri.c    25 May 2014 00:11:27 -0000
@@ -231,6 +231,8 @@ kek_unwrap_key(unsigned char *out, size_
                return 0;
        }
        tmp = malloc(inlen);
+       if (tmp == NULL)
+               return 0;
        /* setup IV by decrypting last two blocks */
        EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
            in  + inlen - 2 * blocklen, blocklen * 2);
Index: libssl/src/ssl/ssl_ciph.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/ssl_ciph.c,v
retrieving revision 1.39
diff -u -p -r1.39 ssl_ciph.c
--- libssl/src/ssl/ssl_ciph.c   24 May 2014 19:27:48 -0000      1.39
+++ libssl/src/ssl/ssl_ciph.c   25 May 2014 00:11:42 -0000
@@ -1742,6 +1742,12 @@ SSL_COMP_add_compression_method(int id, 
 
        MemCheck_off();
        comp = malloc(sizeof(SSL_COMP));
+       if (comp == NULL) {
+               MemCheck_on();
+               SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
+                   ERR_R_MALLOC_FAILURE);
+               return 1;
+       }
        comp->id = id;
        comp->method = cm;
        load_builtin_compressions();

[patch] libssl malloc check for NULL

Reply via email to