提交 902a97b5 编写于 作者: K kinichiro 提交者: Tomas Mraz

Avoid leak in error path of asn1_parse2

CLA: trivial
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10794)

(cherry picked from commit 6a165fab239ec5b00b3cd68169a63b509207177d)
上级 5f6343de
...@@ -75,6 +75,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, ...@@ -75,6 +75,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
int nl, hl, j, r; int nl, hl, j, r;
ASN1_OBJECT *o = NULL; ASN1_OBJECT *o = NULL;
ASN1_OCTET_STRING *os = NULL; ASN1_OCTET_STRING *os = NULL;
ASN1_INTEGER *ai = NULL;
ASN1_ENUMERATED *ae = NULL;
/* ASN1_BMPSTRING *bmp=NULL; */ /* ASN1_BMPSTRING *bmp=NULL; */
int dump_indent, dump_cont = 0; int dump_indent, dump_cont = 0;
...@@ -250,22 +252,21 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, ...@@ -250,22 +252,21 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
ASN1_OCTET_STRING_free(os); ASN1_OCTET_STRING_free(os);
os = NULL; os = NULL;
} else if (tag == V_ASN1_INTEGER) { } else if (tag == V_ASN1_INTEGER) {
ASN1_INTEGER *bs;
int i; int i;
opp = op; opp = op;
bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl); ai = d2i_ASN1_INTEGER(NULL, &opp, len + hl);
if (bs != NULL) { if (ai != NULL) {
if (BIO_write(bp, ":", 1) <= 0) if (BIO_write(bp, ":", 1) <= 0)
goto end; goto end;
if (bs->type == V_ASN1_NEG_INTEGER) if (ai->type == V_ASN1_NEG_INTEGER)
if (BIO_write(bp, "-", 1) <= 0) if (BIO_write(bp, "-", 1) <= 0)
goto end; goto end;
for (i = 0; i < bs->length; i++) { for (i = 0; i < ai->length; i++) {
if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) if (BIO_printf(bp, "%02X", ai->data[i]) <= 0)
goto end; goto end;
} }
if (bs->length == 0) { if (ai->length == 0) {
if (BIO_write(bp, "00", 2) <= 0) if (BIO_write(bp, "00", 2) <= 0)
goto end; goto end;
} }
...@@ -274,24 +275,24 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, ...@@ -274,24 +275,24 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
goto end; goto end;
dump_cont = 1; dump_cont = 1;
} }
ASN1_INTEGER_free(bs); ASN1_INTEGER_free(ai);
ai = NULL;
} else if (tag == V_ASN1_ENUMERATED) { } else if (tag == V_ASN1_ENUMERATED) {
ASN1_ENUMERATED *bs;
int i; int i;
opp = op; opp = op;
bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl); ae = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl);
if (bs != NULL) { if (ae != NULL) {
if (BIO_write(bp, ":", 1) <= 0) if (BIO_write(bp, ":", 1) <= 0)
goto end; goto end;
if (bs->type == V_ASN1_NEG_ENUMERATED) if (ae->type == V_ASN1_NEG_ENUMERATED)
if (BIO_write(bp, "-", 1) <= 0) if (BIO_write(bp, "-", 1) <= 0)
goto end; goto end;
for (i = 0; i < bs->length; i++) { for (i = 0; i < ae->length; i++) {
if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) if (BIO_printf(bp, "%02X", ae->data[i]) <= 0)
goto end; goto end;
} }
if (bs->length == 0) { if (ae->length == 0) {
if (BIO_write(bp, "00", 2) <= 0) if (BIO_write(bp, "00", 2) <= 0)
goto end; goto end;
} }
...@@ -300,7 +301,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, ...@@ -300,7 +301,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
goto end; goto end;
dump_cont = 1; dump_cont = 1;
} }
ASN1_ENUMERATED_free(bs); ASN1_ENUMERATED_free(ae);
ae = NULL;
} else if (len > 0 && dump) { } else if (len > 0 && dump) {
if (!nl) { if (!nl) {
if (BIO_write(bp, "\n", 1) <= 0) if (BIO_write(bp, "\n", 1) <= 0)
...@@ -341,6 +343,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, ...@@ -341,6 +343,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
end: end:
ASN1_OBJECT_free(o); ASN1_OBJECT_free(o);
ASN1_OCTET_STRING_free(os); ASN1_OCTET_STRING_free(os);
ASN1_INTEGER_free(ai);
ASN1_ENUMERATED_free(ae);
*pp = p; *pp = p;
return ret; return ret;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册