diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-05-22 00:31:02 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-05-22 00:31:02 +0000 |
commit | 59d100d959ce00ca44088dfb5dbcd8a200dee215 (patch) | |
tree | 299def6f299a8967654c0defd5885c59ded6e36e /crypto/x509v3 | |
parent | d497b5362bede66a7605458032056b5835220afb (diff) | |
download | openssl-new-59d100d959ce00ca44088dfb5dbcd8a200dee215.tar.gz |
PR: 2251
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org
Memleak, BIO chain leak and realloc checks in v3_pci.c
Diffstat (limited to 'crypto/x509v3')
-rw-r--r-- | crypto/x509v3/v3_pci.c | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c index c254b2ff98..0dcfa004fe 100644 --- a/crypto/x509v3/v3_pci.c +++ b/crypto/x509v3/v3_pci.c @@ -128,7 +128,12 @@ static int process_pci_value(CONF_VALUE *val, unsigned char *tmp_data2 = string_to_hex(val->value + 4, &val_len); - if (!tmp_data2) goto err; + if (!tmp_data2) + { + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT); + X509V3_conf_err(val); + goto err; + } tmp_data = OPENSSL_realloc((*policy)->data, (*policy)->length + val_len + 1); @@ -140,6 +145,17 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += val_len; (*policy)->data[(*policy)->length] = '\0'; } + else + { + OPENSSL_free(tmp_data2); + /* realloc failure implies the original data space is b0rked too! */ + (*policy)->data = NULL; + (*policy)->length = 0; + X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + goto err; + } + OPENSSL_free(tmp_data2); } else if (strncmp(val->value, "file:", 5) == 0) { @@ -169,6 +185,7 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += n; (*policy)->data[(*policy)->length] = '\0'; } + BIO_free_all(b); if (n < 0) { @@ -190,6 +207,15 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += val_len; (*policy)->data[(*policy)->length] = '\0'; } + else + { + /* realloc failure implies the original data space is b0rked too! */ + (*policy)->data = NULL; + (*policy)->length = 0; + X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + goto err; + } } else { |