Check the return values where memory allocation failures may happen.

PR: 49

Check the return values where memory allocation failures may happen.
PR: 49
9cdf87f1 · Richard Levitte · a81e9d3d · 9cdf87f1 · 9cdf87f1 · 9cdf87f1
14 changed file
--- a/crypto/asn1/a_enum.c
+++ b/crypto/asn1/a_enum.c
@@ -151,7 +151,17 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
 	else ret->type=V_ASN1_ENUMERATED;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
-	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
+	if (ret->length < len+4)
+		{
+		char *new_data=(char *)OPENSSL_realloc(ret->data, len+4);
+		if (!new_data)
+			{
+			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		ret->data=new_data;
+		}
 	ret->length=BN_bn2bin(bn,ret->data);
 	return(ret);
 err:

--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -397,7 +397,16 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 	else ret->type=V_ASN1_INTEGER;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
-	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
+	if (ret->length < len+4)
+		{
+		char *new_data=(char *)OPENSSL_realloc(ret->data, len+4);
+		if (!new_data)
+			{
+			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		ret->data=new_data;
+		}
 	ret->length=BN_bn2bin(bn,ret->data);
 	/* Correct zero case */
 	if(!ret->length)

--- a/crypto/asn1/a_set.c
+++ b/crypto/asn1/a_set.c
@@ -118,7 +118,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
 		}
        pStart  = p; /* Catch the beg of Setblobs*/
-        rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
+        if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
 we will store the SET blobs */
        for (i=0; i<sk_num(a); i++)
@@ -135,7 +135,7 @@ SetBlob
 /* Now we have to sort the blobs. I am using a simple algo.
    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
-        pTempMem = OPENSSL_malloc(totSize);
+        if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;
 /* Copy to temp mem */
        p = pTempMem;

--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -119,7 +119,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 		dsa->write_params=0;
 		ASN1_TYPE_free(a->parameter);
 		i=i2d_DSAparams(dsa,NULL);
-		p=(unsigned char *)OPENSSL_malloc(i);
+		if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err;
 		pp=p;
 		i2d_DSAparams(dsa,&pp);
 		a->parameter=ASN1_TYPE_new();
@@ -189,7 +189,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 		}
 	if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
-	if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) goto err;
+	if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
+		{
+		X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
 	p=s;
 	i2d_PublicKey(pkey,&p);
 	if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;

--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -103,7 +103,7 @@ static int nbiof_new(BIO *bi)
 	{
 	NBIO_TEST *nt;
-	nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST));
+	if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
 	nt->lrn= -1;
 	nt->lwn= -1;
 	bi->ptr=(char *)nt;

--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -200,10 +200,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 	/* First we normalise the numbers */
 	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
-	BN_lshift(sdiv,divisor,norm_shift);
+	if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
 	sdiv->neg=0;
 	norm_shift+=BN_BITS2;
-	BN_lshift(snum,num,norm_shift);
+	if (!(BN_lshift(snum,num,norm_shift))) goto err;
 	snum->neg=0;
 	div_n=sdiv->top;
 	num_n=snum->top;
@@ -327,7 +327,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 		tmp->top=j;
 		j=wnum.top;
-		BN_sub(&wnum,&wnum,tmp);
+		if (!BN_sub(&wnum,&wnum,tmp)) goto err;
 		snum->top=snum->top+wnum.top-j;
@@ -335,7 +335,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 			{
 			q--;
 			j=wnum.top;
-			BN_add(&wnum,&wnum,sdiv);
+			if (!BN_add(&wnum,&wnum,sdiv)) goto err;
 			snum->top+=wnum.top-j;
 			}
 		*(resp--)=q;

--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -221,7 +221,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
 	if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
 	if (!BN_add(t2,a,t1)) goto err;
-	BN_rshift(ret,t2,mont->ri);
+	if (!BN_rshift(ret,t2,mont->ri)) goto err;
 #endif /* MONT_WORD */
 	if (BN_ucmp(ret, &(mont->N)) >= 0)
@@ -282,8 +282,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 		BN_ULONG buf[2];
 		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-		BN_zero(R);
+		if (!(BN_zero(R))) goto err;
-		BN_set_bit(R,BN_BITS2);			/* R */
+		if (!(BN_set_bit(R,BN_BITS2))) goto err;	/* R */
 		buf[0]=mod->d[0]; /* tmod = N mod word size */
 		buf[1]=0;

--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -964,7 +964,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 	if ((al == 0) || (bl == 0))
 		{
-		BN_zero(r);
+		if (!BN_zero(r)) goto err;
 		return(1);
 		}
 	top=al+bl;
@@ -1044,7 +1044,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
 			{
 			BIGNUM *tmp_bn = (BIGNUM *)b;
-			bn_wexpand(tmp_bn,al);
+			if (bn_wexpand(tmp_bn,al) == NULL) goto err;
 			tmp_bn->d[bl]=0;
 			bl++;
 			i--;
@@ -1052,7 +1052,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
 			{
 			BIGNUM *tmp_bn = (BIGNUM *)a;
-			bn_wexpand(tmp_bn,bl);
+			if (bn_wexpand(tmp_bn,bl) == NULL) goto err;
 			tmp_bn->d[al]=0;
 			al++;
 			i++;
@@ -1067,14 +1067,14 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 			t = BN_CTX_get(ctx);
 			if (al == j) /* exact multiple */
 				{
-				bn_wexpand(t,k*2);
+				if (bn_wexpand(t,k*2) == NULL) goto err;
-				bn_wexpand(rr,k*2);
+				if (bn_wexpand(rr,k*2) == NULL) goto err;
 				bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
 				}
 			else
 				{
-				bn_wexpand(t,k*4);
+				if (bn_wexpand(t,k*4) == NULL) goto err;
-				bn_wexpand(rr,k*4);
+				if (bn_wexpand(rr,k*4) == NULL) goto err;
 				bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
 				}
 			rr->top=top;

--- a/crypto/evp/bio_enc.c
+++ b/crypto/evp/bio_enc.c
@@ -110,8 +110,8 @@ static int enc_new(BIO *bi)
 	BIO_ENC_CTX *ctx;
 	ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
-	EVP_CIPHER_CTX_init(&ctx->cipher);
 	if (ctx == NULL) return(0);
+	EVP_CIPHER_CTX_init(&ctx->cipher);
 	ctx->buf_len=0;
 	ctx->buf_off=0;

--- a/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
@@ -79,6 +79,8 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
 		{
 		MemCheck_off();
 		name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
+		MemCheck_on();
+		if (!name_funcs) return(0);
 		name_funcs->hash_func = lh_strhash;
 		name_funcs->cmp_func = OPENSSL_strcmp;
 		name_funcs->free_func = 0; /* NULL is often declared to
@@ -86,6 +88,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
 						* to Compaq C is not really
 						* compatible with a function
 						* pointer.	-- Richard Levitte*/
+		MemCheck_off();
 		sk_NAME_FUNCS_push(name_funcs_stack,name_funcs);
 		MemCheck_on();
 		}

--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -236,7 +236,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
 	if (added == NULL)
 		if (!init_added()) return(0);
 	if ((o=OBJ_dup(obj)) == NULL) goto err;
-	ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
+	if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err;
 	if ((o->length != 0) && (obj->data != NULL))
 		ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
 	if (o->sn != NULL)

--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -479,10 +479,10 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 	int ret=0;
 	BN_CTX *ctx;
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
 	BN_init(&m1);
 	BN_init(&r1);
 	BN_init(&vrfy);
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
 	if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
 		{

--- a/crypto/txt_db/txt_db.c
+++ b/crypto/txt_db/txt_db.c
@@ -122,7 +122,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
 		else
 			{
 			buf->data[offset-1]='\0'; /* blat the '\n' */
-			p=(char *)OPENSSL_malloc(add+offset);
+			if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err;
 			offset=0;
 			}
 		pp=(char **)p;

--- a/crypto/x509v3/v3_ia5.c
+++ b/crypto/x509v3/v3_ia5.c
@@ -82,7 +82,7 @@ static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
 {
 	char *tmp;
 	if(!ia5 || !ia5->length) return NULL;
-	tmp = OPENSSL_malloc(ia5->length + 1);
+	if (!(tmp = OPENSSL_malloc(ia5->length + 1))) return NULL;
 	memcpy(tmp, ia5->data, ia5->length);
 	tmp[ia5->length] = 0;
 	return tmp;