[EGIT] [core/efl] master 01/01: eet, emile: safety++

Wed, 03 Feb 2021 17:13:15 -0800 

kimcinoo pushed a commit to branch master.

http://git.enlightenment.org/core/efl.git/commit/?id=ab969c5915847ba2133608283249c92ebe89c9e8

commit ab969c5915847ba2133608283249c92ebe89c9e8
Author: Shinwoo Kim <cinoo....@samsung.com>
Date:   Thu Feb 4 10:11:16 2021 +0900

    eet, emile: safety++
    
    Summary:
    (1) EVP_MD_CTX_new could return NULL
    (2) EVP_DigestUpdate returns 0 for failure.
      https://www.openssl.org/docs/man1.0.2/man3/EVP_DigestUpdate.html
    
    Reviewers: raster, Hermet, cedric, devilhorns
    
    Reviewed By: devilhorns
    
    Subscribers: SPAM-roll99, devilhorns, #reviewers, #committers
    
    Tags: #efl
    
    Differential Revision: https://phab.enlightenment.org/D12237
---
 src/lib/eet/eet_cipher.c             | 15 +++++++++++++++
 src/lib/emile/emile_cipher_openssl.c |  8 +++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/src/lib/eet/eet_cipher.c b/src/lib/eet/eet_cipher.c
index 51f8513dce..025750cc98 100644
--- a/src/lib/eet/eet_cipher.c
+++ b/src/lib/eet/eet_cipher.c
@@ -564,6 +564,11 @@ eet_identity_sign(FILE    *fp,
    /* Do the signature. */
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
    md_ctx = EVP_MD_CTX_new();
+   if (!md_ctx)
+     {
+        err = EET_ERROR_OUT_OF_MEMORY;
+        goto on_error;
+     }
    EVP_SignInit(md_ctx, EVP_sha1());
    EVP_SignUpdate(md_ctx, data, st_buf.st_size);
    err = EVP_SignFinal(md_ctx,
@@ -776,6 +781,16 @@ eet_identity_check(const void   *data_base,
    /* Verify the signature */
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
    md_ctx = EVP_MD_CTX_new();
+   if (!md_ctx)
+     {
+        err = EET_ERROR_OUT_OF_MEMORY;
+
+        X509_free(x509);
+        EVP_PKEY_free(pkey);
+
+        return NULL;
+     }
+
    EVP_VerifyInit(md_ctx, EVP_sha1());
    EVP_VerifyUpdate(md_ctx, data_base, data_length);
    err = EVP_VerifyFinal(md_ctx, sign, sign_len, pkey);
diff --git a/src/lib/emile/emile_cipher_openssl.c 
b/src/lib/emile/emile_cipher_openssl.c
index b09897ec9b..e5a1ed4135 100644
--- a/src/lib/emile/emile_cipher_openssl.c
+++ b/src/lib/emile/emile_cipher_openssl.c
@@ -75,10 +75,16 @@ emile_binbuf_sha1(const Eina_Binbuf * data, unsigned char 
digest[20])
    Eina_Slice slice = eina_binbuf_slice_get(data);
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+   if (!ctx) return EINA_FALSE;
 
    EVP_DigestInit_ex(ctx, md, NULL);
 
-   EVP_DigestUpdate(ctx, slice.mem, slice.len);
+   if (!EVP_DigestUpdate(ctx, slice.mem, slice.len))
+     {
+        EVP_MD_CTX_free(ctx);
+        return EINA_FALSE;
+     }
+
    EVP_DigestFinal_ex(ctx, digest, NULL);
 
    EVP_MD_CTX_free(ctx);

--

Reply via email to