From 9dddcd90a1350fa63486cbf3226c3eee79f9aff5 Mon Sep 17 00:00:00 2001 From: x2018 Date: Fri, 22 Oct 2021 22:50:27 +0800 Subject: [PATCH] add checks for the return values of BN_new(), sk_RSA_PRIME_INFO_new_reserve(), EVP_PKEY_CTX_new_from_pkey() and EVP_CIPHER_CTX_new(). Otherwise may result in memory errors. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16892) --- crypto/cms/cms_pwri.c | 4 ++++ crypto/dsa/dsa_sign.c | 3 ++- crypto/ec/ec_asn1.c | 3 ++- crypto/evp/p_lib.c | 2 ++ crypto/pem/pvkfmt.c | 5 +++++ crypto/rsa/rsa_backend.c | 2 ++ 6 files changed, 17 insertions(+), 2 deletions(-) diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index bc2b5179b7..380240561f 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -85,6 +85,10 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, goto merr; } ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) { + ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); + goto err; + } if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) { ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 6e87bd1657..21b0cbd5fb 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -65,7 +65,8 @@ DSA_SIG *d2i_DSA_SIG(DSA_SIG **psig, const unsigned char **ppin, long len) sig->r = BN_new(); if (sig->s == NULL) sig->s = BN_new(); - if (ossl_decode_der_dsa_sig(sig->r, sig->s, ppin, (size_t)len) == 0) { + if (sig->r == NULL || sig->s == NULL + || ossl_decode_der_dsa_sig(sig->r, sig->s, ppin, (size_t)len) == 0) { if (psig == NULL || *psig == NULL) DSA_SIG_free(sig); return NULL; diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 31519137c6..6323131a22 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1223,7 +1223,8 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **psig, const unsigned char **ppin, long len) sig->r = BN_new(); if (sig->s == NULL) sig->s = BN_new(); - if (ossl_decode_der_dsa_sig(sig->r, sig->s, ppin, (size_t)len) == 0) { + if (sig->r == NULL || sig->s == NULL + || ossl_decode_der_dsa_sig(sig->r, sig->s, ppin, (size_t)len) == 0) { if (psig == NULL || *psig == NULL) ECDSA_SIG_free(sig); return NULL; diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 38e22f3b6c..2552dd702a 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1850,6 +1850,8 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, if (tmp_keymgmt == NULL) { EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pk, propquery); + if (ctx == NULL) + goto end; tmp_keymgmt = ctx->keymgmt; ctx->keymgmt = NULL; EVP_PKEY_CTX_free(ctx); diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 6f5207abd1..83166b5887 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -839,6 +839,11 @@ static void *do_PVK_body_key(const unsigned char **in, #endif EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new(); + if (cctx == NULL) { + ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); + goto err; + } + if (saltlen) { #ifndef OPENSSL_NO_RC4 unsigned int magic; diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c index 85ad54e4cf..46283265d2 100644 --- a/crypto/rsa/rsa_backend.c +++ b/crypto/rsa/rsa_backend.c @@ -392,6 +392,8 @@ RSA *ossl_rsa_dup(const RSA *rsa, int selection) if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 && (pnum = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) > 0) { dupkey->prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum); + if (dupkey->prime_infos == NULL) + goto err; for (i = 0; i < pnum; i++) { const RSA_PRIME_INFO *pinfo = NULL; RSA_PRIME_INFO *duppinfo = NULL; -- GitLab