提交 e5a5e3f3 编写于 作者: F FdaSilvaYY 提交者: Matt Caswell

Add checks on CRYPTO_set_ex_data return value

Fix possible leak in danetest.c
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
上级 a98810bf
...@@ -154,6 +154,7 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr, ...@@ -154,6 +154,7 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr,
static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
{ {
dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c)); dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c));
int ret = 1;
if (c == NULL) { if (c == NULL) {
ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE); ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
...@@ -173,9 +174,11 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) ...@@ -173,9 +174,11 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
dynamic_ex_data_idx)) dynamic_ex_data_idx))
== NULL) { == NULL) {
/* Good, we're the first */ /* Good, we're the first */
ENGINE_set_ex_data(e, dynamic_ex_data_idx, c); ret = ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
*ctx = c; if (ret) {
c = NULL; *ctx = c;
c = NULL;
}
} }
CRYPTO_THREAD_unlock(global_engine_lock); CRYPTO_THREAD_unlock(global_engine_lock);
/* /*
...@@ -185,7 +188,7 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) ...@@ -185,7 +188,7 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
if (c) if (c)
sk_OPENSSL_STRING_free(c->dirs); sk_OPENSSL_STRING_free(c->dirs);
OPENSSL_free(c); OPENSSL_free(c);
return 1; return ret;
} }
/* /*
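Review bot: The return contract of dynamic_set_data_ctx changes here and is not documented: the `ENGINE_set_ex_data` branch can now yield 0, where it previously always reached `return 1`. In that case `c` stays non-NULL and is released by the shared `if (c)` cleanup, so from what these hunks show `*ctx` is never pointed at `c`; the condition that assigns `*ctx` is only partly visible, so the claim that it is left NULL should be confirmed. I would add a header comment such as `/* Returns 1 with *ctx pointing at the engine's context; returns 0 on allocation or ex_data failure, and *ctx must not be used then. */`. The function body and its callers lie outside these hunks, so it is worth confirming that every caller checks the result before dereferencing the context.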
......
...@@ -74,7 +74,7 @@ static void print_errors(void) ...@@ -74,7 +74,7 @@ static void print_errors(void)
static int verify_chain(SSL *ssl, STACK_OF(X509) *chain) static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
{ {
int ret; int ret = -1;
X509_STORE_CTX *store_ctx; X509_STORE_CTX *store_ctx;
SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(ssl); SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(ssl);
X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
...@@ -85,8 +85,9 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain) ...@@ -85,8 +85,9 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
return -1; return -1;
if (!X509_STORE_CTX_init(store_ctx, store, cert, chain)) if (!X509_STORE_CTX_init(store_ctx, store, cert, chain))
return 0; goto end;
X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl); if (!X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl))
goto end;
X509_STORE_CTX_set_default(store_ctx, X509_STORE_CTX_set_default(store_ctx,
SSL_is_server(ssl) ? "ssl_client" : "ssl_server"); SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
...@@ -101,6 +102,7 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain) ...@@ -101,6 +102,7 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(store_ctx)); SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(store_ctx));
X509_STORE_CTX_cleanup(store_ctx); X509_STORE_CTX_cleanup(store_ctx);
end:
X509_STORE_CTX_free(store_ctx); X509_STORE_CTX_free(store_ctx);
return (ret); return (ret);
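Review bot: The two new `goto end` paths in verify_chain jump past `SSL_set_verify_result`, so on an `X509_STORE_CTX_init` or `X509_STORE_CTX_set_ex_data` failure the SSL object keeps whatever verify result it held before the call. The function does return -1 there, but a caller that reads `SSL_get_verify_result` instead of the return value could see a stale success; the callers are outside these hunks, so this is a precaution, not a confirmed defect. Recording a failure before each jump would make the error path fail closed, e.g. `SSL_set_verify_result(ssl, X509_V_ERR_APPLICATION_VERIFICATION);`. Note also that the init-failure path used to return 0 and now returns -1, which deserves a one-line comment on the `ret = -1` initialiser.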
......
...@@ -187,11 +187,8 @@ ...@@ -187,11 +187,8 @@
-T CRYPTO_EX_DATA_FUNCS -T CRYPTO_EX_DATA_FUNCS
-T CRYPTO_EX_DATA_IMPL -T CRYPTO_EX_DATA_IMPL
-T CRYPTO_EX_dup -T CRYPTO_EX_dup
-T CRYPTO_EX_dup
-T CRYPTO_EX_free
-T CRYPTO_EX_free -T CRYPTO_EX_free
-T CRYPTO_EX_new -T CRYPTO_EX_new
-T CRYPTO_EX_new
-T CRYPTO_MEM_LEAK_CB -T CRYPTO_MEM_LEAK_CB
-T CRYPTO_THREADID -T CRYPTO_THREADID
-T CRYPTO_dynlock_value -T CRYPTO_dynlock_value
......