From 309e73dfe067b3b774ef6f57bf665f41373a81ca Mon Sep 17 00:00:00 2001
From: Shane Lontis <shane.lontis@oracle.com>
Date: Mon, 7 Sep 2020 17:44:38 +1000
Subject: [PATCH 064/147] Coverity Fixes
x_algor.c: Explicit null dereferenced
cms_sd.c: Resource leak
ts_rsp_sign.c Resource Leak
extensions_srvr.c: Resource Leak
v3_alt.c: Resource Leak
pcy_data.c: Resource Leak
cms_lib.c: Resource Leak
drbg_lib.c: Unchecked return code
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12531)
---
crypto/cms/cms_lib.c | 3 ++-
crypto/cms/cms_sd.c | 4 +++-
crypto/rand/drbg_lib.c | 8 +++++---
crypto/ts/ts_rsp_sign.c | 2 ++
crypto/x509v3/pcy_data.c | 1 +
crypto/x509v3/v3_alt.c | 1 +
ssl/statem/extensions_srvr.c | 2 +-
7 files changed, 11 insertions(+), 10 deletions(-)
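--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -92,12 +92,13 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
 
 default:
 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
- return NULL;
+ goto err;
 }
 
 if (cmsbio)
 return BIO_push(cmsbio, cont);
 
+err:
 if (!icont)
 BIO_free(cont);
 return NULL;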
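Review bot: The new `err:` label is reached both by the `goto` from the unsupported-type case and by fall-through when `cmsbio` is NULL, and the `if (!icont)` test that decides whether `cont` is freed carries no explanation. A one-line comment at the label, e.g. `/* cont is ours to free only when the caller passed no icont */`, would make the ownership rule explicit. This is inferred from the visible test only, since the assignment of `cont` lies above the hunk and CMS_dataInit's body starts outside it.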
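--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -897,8 +897,10 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
 ASN1_INTEGER *key = NULL;
 if (keysize > 0) {
 key = ASN1_INTEGER_new();
- if (key == NULL || !ASN1_INTEGER_set(key, keysize))
+ if (key == NULL || !ASN1_INTEGER_set(key, keysize)) {
+ ASN1_INTEGER_free(key);
 return 0;
+ }
 }
 alg = X509_ALGOR_new();
 if (alg == NULL) {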
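--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -330,7 +330,7 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
 drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
 if (drbg->reseed_next_counter) {
 drbg->reseed_next_counter++;
- if(!drbg->reseed_next_counter)
+ if (!drbg->reseed_next_counter)
 drbg->reseed_next_counter = 1;
 }
 
@@ -432,7 +432,7 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg,
 drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
 if (drbg->reseed_next_counter) {
 drbg->reseed_next_counter++;
- if(!drbg->reseed_next_counter)
+ if (!drbg->reseed_next_counter)
 drbg->reseed_next_counter = 1;
 }
 
@@ -554,7 +554,9 @@ int rand_drbg_restart(RAND_DRBG *drbg,
 drbg->meth->reseed(drbg, adin, adinlen, NULL, 0);
 } else if (reseeded == 0) {
 /* do a full reseeding if it has not been done yet above */
- RAND_DRBG_reseed(drbg, NULL, 0, 0);
+ if (!RAND_DRBG_reseed(drbg, NULL, 0, 0)) {
+ RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_RESEED_ERROR);
+ }
 }
 }
 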
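Review bot: In the third hunk (rand_drbg_restart) the new branch only queues `RAND_R_RESEED_ERROR` and then falls through, so whether a failed reseed stops the restart from reporting success depends on code after the hunk. That should be confirmed, since a DRBG that keeps serving output after a failed reseed is exactly the case this check exists for. The sibling call `drbg->meth->reseed(drbg, adin, adinlen, NULL, 0);` one branch up still discards its result; if that is deliberate best-effort mixing, a comment such as `/* best effort: failing to mix in adin is not fatal */` would say so. The braces around the single `RANDerr(...)` statement also differ from the brace-less single-statement `if` in the two hunks above.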
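--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -57,12 +57,14 @@ static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data)
 goto err;
 if (!ASN1_INTEGER_set(serial, 1))
 goto err;
+
 return serial;
 
 err:
 TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
 "Error during serial number generation.");
+ ASN1_INTEGER_free(serial);
 return NULL;
 }
 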
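--- a/crypto/x509v3/pcy_data.c
+++ b/crypto/x509v3/pcy_data.c
@@ -52,6 +52,7 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
 ret = OPENSSL_zalloc(sizeof(*ret));
 if (ret == NULL) {
 X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE);
+ ASN1_OBJECT_free(id);
 return NULL;
 }
 ret->expected_policy_set = sk_ASN1_OBJECT_new_null();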
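Review bot: The added `ASN1_OBJECT_free(id);` is only correct if `id` is, at this point, either NULL or an object this function owns, and the hunk does not show where `id` is assigned. If it can alias a caller-supplied object, the free would leave the caller with a dangling pointer, so the assignment above the hunk should be confirmed. A comment such as `/* id is our private copy (or NULL) */` at the free would record the invariant. policy_data_new continues past the hunk, so any later failure path needs the same release if it does not already have one.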
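--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -275,6 +275,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
 num = sk_GENERAL_NAME_num(ialt);
 if (!sk_GENERAL_NAME_reserve(gens, num)) {
 X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
+ sk_GENERAL_NAME_free(ialt);
 goto err;
 }
 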
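Review bot: `sk_GENERAL_NAME_free(ialt)` on the reserve-failure path releases only the stack container, not the GENERAL_NAME entries it holds. Where `ialt` comes from is outside the hunk, but if it was freshly decoded and still owns its entries here, they leak on this path and `sk_GENERAL_NAME_pop_free(ialt, GENERAL_NAME_free);` would be the matching call. copy_issuer's body starts and ends outside the hunk, so the ownership of the entries should be checked there before choosing between the two.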
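--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1151,7 +1151,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
 if (sesstmp == NULL) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
 SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR);
- return 0;
+ goto err;
 }
 SSL_SESSION_free(sess);
 sess = sesstmp;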
--
1.8.3.1