提交 ca96d389 编写于 作者: D Dr. Stephen Henson

PR: 2251

Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org

Memleak, BIO chain leak and realloc checks in v3_pci.c
上级 9f088669
...@@ -128,7 +128,12 @@ static int process_pci_value(CONF_VALUE *val, ...@@ -128,7 +128,12 @@ static int process_pci_value(CONF_VALUE *val,
unsigned char *tmp_data2 = unsigned char *tmp_data2 =
string_to_hex(val->value + 4, &val_len); string_to_hex(val->value + 4, &val_len);
if (!tmp_data2) goto err; if (!tmp_data2)
{
X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT);
X509V3_conf_err(val);
goto err;
}
tmp_data = OPENSSL_realloc((*policy)->data, tmp_data = OPENSSL_realloc((*policy)->data,
(*policy)->length + val_len + 1); (*policy)->length + val_len + 1);
...@@ -140,6 +145,17 @@ static int process_pci_value(CONF_VALUE *val, ...@@ -140,6 +145,17 @@ static int process_pci_value(CONF_VALUE *val,
(*policy)->length += val_len; (*policy)->length += val_len;
(*policy)->data[(*policy)->length] = '\0'; (*policy)->data[(*policy)->length] = '\0';
} }
else
{
OPENSSL_free(tmp_data2);
/* realloc failure implies the original data space is b0rked too! */
(*policy)->data = NULL;
(*policy)->length = 0;
X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
X509V3_conf_err(val);
goto err;
}
OPENSSL_free(tmp_data2);
} }
else if (strncmp(val->value, "file:", 5) == 0) else if (strncmp(val->value, "file:", 5) == 0)
{ {
...@@ -169,6 +185,7 @@ static int process_pci_value(CONF_VALUE *val, ...@@ -169,6 +185,7 @@ static int process_pci_value(CONF_VALUE *val,
(*policy)->length += n; (*policy)->length += n;
(*policy)->data[(*policy)->length] = '\0'; (*policy)->data[(*policy)->length] = '\0';
} }
BIO_free_all(b);
if (n < 0) if (n < 0)
{ {
...@@ -190,6 +207,15 @@ static int process_pci_value(CONF_VALUE *val, ...@@ -190,6 +207,15 @@ static int process_pci_value(CONF_VALUE *val,
(*policy)->length += val_len; (*policy)->length += val_len;
(*policy)->data[(*policy)->length] = '\0'; (*policy)->data[(*policy)->length] = '\0';
} }
else
{
/* realloc failure implies the original data space is b0rked too! */
(*policy)->data = NULL;
(*policy)->length = 0;
X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
X509V3_conf_err(val);
goto err;
}
} }
else else
{ {
......
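Review bot: Both new `else` branches that handle a failed `OPENSSL_realloc` (the `hex:` path in the @@ -140 hunk and the matching branch in the @@ -190 hunk) set `(*policy)->data = NULL` without releasing the old buffer. If OPENSSL_realloc follows the realloc() contract, the original block is still valid after a failure, so clearing the pointer leaks it and the comment `/* realloc failure implies the original data space is b0rked too! */` states the opposite of what happens. I would add `OPENSSL_free((*policy)->data);` before the pointer is cleared in both branches and reword the comment to say the partial policy data is deliberately discarded on allocation failure. process_pci_value starts and ends outside the visible hunks, so what the `err:` label does with `*policy` cannot be confirmed from this page.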