From 25a807bcb9509c6fccfbbd9d02119772ccb0f23e Mon Sep 17 00:00:00 2001 From: FdaSilvaYY Date: Sat, 13 Feb 2016 19:29:34 +0100 Subject: [PATCH] Add checks on CRYPTO_new_ex_data return value Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/996) --- crypto/bio/bio_lib.c | 3 ++- crypto/engine/eng_lib.c | 5 ++++- crypto/ui/ui_lib.c | 5 ++++- crypto/x509/x_x509.c | 3 ++- ssl/ssl_lib.c | 6 ++++-- ssl/ssl_sess.c | 7 +++++-- 6 files changed, 21 insertions(+), 8 deletions(-) diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 94c97da369..6ddc19fc9a 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -93,7 +93,8 @@ int BIO_set(BIO *bio, const BIO_METHOD *method) bio->references = 1; bio->num_read = 0L; bio->num_write = 0L; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data)) + return 0; bio->lock = CRYPTO_THREAD_lock_new(); if (bio->lock == NULL) { diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index d0bc716bb3..5bcd24bcf8 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -83,7 +83,10 @@ ENGINE *ENGINE_new(void) } ret->struct_ref = 1; engine_ref_debug(ret, 0, 1); - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data); + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data)) { + OPENSSL_free(ret); + return NULL; + } return ret; } diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index 7b08107f7a..cc5b5f1ecb 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -92,7 +92,10 @@ UI *UI_new_method(const UI_METHOD *method) else ret->meth = method; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data); + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data)) { + OPENSSL_free(ret); + return NULL; + } return ret; } diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index 22a7e5922d..11e758be80 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -99,7 +99,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, #endif ret->aux = NULL; ret->crldp = NULL; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data)) + return 0; break; case ASN1_OP_FREE_POST: diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 81c4b6710e..e00c1191b5 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -751,7 +751,8 @@ SSL *SSL_new(SSL_CTX *ctx) if (!SSL_clear(s)) goto err; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data)) + goto err; #ifndef OPENSSL_NO_PSK s->psk_client_callback = ctx->psk_client_callback; @@ -2441,7 +2442,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL) goto err; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data)) + goto err; /* No compression for DTLS */ if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index d5b7fe3310..3b9a9f7535 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -198,8 +198,11 @@ SSL_SESSION *SSL_SESSION_new(void) return NULL; } - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); - + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) { + CRYPTO_THREAD_lock_free(ss->lock); + OPENSSL_free(ss); + return NULL; + } return ss; } -- GitLab