154 lines
5.4 KiB
Diff
154 lines
5.4 KiB
Diff
commit 515c728dbaa92211d2eafb0041ab9fcd258fdc41
|
|
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
|
|
Date: Mon Sep 9 19:12:25 2019 +0200
|
|
|
|
Fix potential memory leaks with BN_to_ASN1_INTEGER
|
|
|
|
Reviewed-by: Paul Dale <paul.dale@oracle.com>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
(Merged from https://github.com/openssl/openssl/pull/9833)
|
|
|
|
(cherry picked from commit f28bc7d386b25fb75625d0c62c6b2e6d21de0d09)
|
|
|
|
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
|
|
index 1ce1181fc1..7cbf8de981 100644
|
|
--- a/crypto/ec/ec_asn1.c
|
|
+++ b/crypto/ec/ec_asn1.c
|
|
@@ -446,6 +446,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
|
|
unsigned char *buffer = NULL;
|
|
const EC_POINT *point = NULL;
|
|
point_conversion_form_t form;
|
|
+ ASN1_INTEGER *orig;
|
|
|
|
if (params == NULL) {
|
|
if ((ret = ECPARAMETERS_new()) == NULL) {
|
|
@@ -496,8 +497,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
|
|
ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
|
|
goto err;
|
|
}
|
|
- ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
|
|
+ ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order);
|
|
if (ret->order == NULL) {
|
|
+ ret->order = orig;
|
|
ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
|
|
goto err;
|
|
}
|
|
@@ -505,8 +507,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
|
|
/* set the cofactor (optional) */
|
|
tmp = EC_GROUP_get0_cofactor(group);
|
|
if (tmp != NULL) {
|
|
- ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
|
|
+ ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor);
|
|
if (ret->cofactor == NULL) {
|
|
+ ret->cofactor = orig;
|
|
ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
|
|
goto err;
|
|
}
|
|
diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
|
|
index 089f2ae29f..ef2d64826f 100644
|
|
--- a/crypto/x509v3/v3_asid.c
|
|
+++ b/crypto/x509v3/v3_asid.c
|
|
@@ -256,6 +256,7 @@ static int extract_min_max(ASIdOrRange *aor,
|
|
static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
|
|
{
|
|
ASN1_INTEGER *a_max_plus_one = NULL;
|
|
+ ASN1_INTEGER *orig;
|
|
BIGNUM *bn = NULL;
|
|
int i, ret = 0;
|
|
|
|
@@ -298,9 +299,15 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
|
|
*/
|
|
if ((bn == NULL && (bn = BN_new()) == NULL) ||
|
|
ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
|
|
- !BN_add_word(bn, 1) ||
|
|
- (a_max_plus_one =
|
|
- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
|
|
+ !BN_add_word(bn, 1)) {
|
|
+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
|
|
+ ERR_R_MALLOC_FAILURE);
|
|
+ goto done;
|
|
+ }
|
|
+
|
|
+ if ((a_max_plus_one =
|
|
+ BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
|
|
+ a_max_plus_one = orig;
|
|
X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
|
|
ERR_R_MALLOC_FAILURE);
|
|
goto done;
|
|
@@ -351,6 +358,7 @@ int X509v3_asid_is_canonical(ASIdentifiers *asid)
|
|
static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
|
|
{
|
|
ASN1_INTEGER *a_max_plus_one = NULL;
|
|
+ ASN1_INTEGER *orig;
|
|
BIGNUM *bn = NULL;
|
|
int i, ret = 0;
|
|
|
|
@@ -416,9 +424,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
|
|
*/
|
|
if ((bn == NULL && (bn = BN_new()) == NULL) ||
|
|
ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
|
|
- !BN_add_word(bn, 1) ||
|
|
- (a_max_plus_one =
|
|
- BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
|
|
+ !BN_add_word(bn, 1)) {
|
|
+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
|
|
+ ERR_R_MALLOC_FAILURE);
|
|
+ goto done;
|
|
+ }
|
|
+
|
|
+ if ((a_max_plus_one =
|
|
+ BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
|
|
+ a_max_plus_one = orig;
|
|
X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
|
|
ERR_R_MALLOC_FAILURE);
|
|
goto done;
|
|
commit 86ed78676c660b553696cc10c682962522dfeb6c
|
|
Author: Tomas Mraz <tmraz@fedoraproject.org>
|
|
Date: Thu Sep 12 12:27:36 2019 +0200
|
|
|
|
BIO_f_zlib: Properly handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.
|
|
|
|
There can be data to write in output buffer and data to read that were
|
|
not yet read in the input stream.
|
|
|
|
Fixes #9866
|
|
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
(Merged from https://github.com/openssl/openssl/pull/9877)
|
|
|
|
(cherry picked from commit 6beb8b39ba8e4cb005c1fcd2586ba19e17f04b95)
|
|
|
|
diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
|
|
index d688deee5f..7c1be358fd 100644
|
|
--- a/crypto/comp/c_zlib.c
|
|
+++ b/crypto/comp/c_zlib.c
|
|
@@ -598,6 +598,28 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
|
|
BIO_copy_next_retry(b);
|
|
break;
|
|
|
|
+ case BIO_CTRL_WPENDING:
|
|
+ if (ctx->obuf == NULL)
|
|
+ return 0;
|
|
+
|
|
+ if (ctx->odone) {
|
|
+ ret = ctx->ocount;
|
|
+ } else {
|
|
+ ret = ctx->ocount;
|
|
+ if (ret == 0)
|
|
+ /* Unknown amount pending but we are not finished */
|
|
+ ret = 1;
|
|
+ }
|
|
+ if (ret == 0)
|
|
+ ret = BIO_ctrl(next, cmd, num, ptr);
|
|
+ break;
|
|
+
|
|
+ case BIO_CTRL_PENDING:
|
|
+ ret = ctx->zin.avail_in;
|
|
+ if (ret == 0)
|
|
+ ret = BIO_ctrl(next, cmd, num, ptr);
|
|
+ break;
|
|
+
|
|
default:
|
|
ret = BIO_ctrl(next, cmd, num, ptr);
|
|
break;
|