The branch master has been updated via eae4a008341149783b540198470f04f85b22730e (commit) via c8ea9bc6702e30f4efa690906abd14c5eab927cf (commit) via e2cc68c8fda7792eb2f09ac152dd346bb90ad316 (commit) via 5999d20ea8ed1c69e89b201fa70a5964ff11665e (commit) via 821278a885c7c8edb5bca943006df5700257390e (commit) via fd7d574dd98761d41d87a777c0b4f044ecc075be (commit) via 84ba665d72906c36b158071035896f50a9aad808 (commit) from 2f1d0b35c12f50e971ef626ff9bbf35a53f9a66d (commit)
- Log ----------------------------------------------------------------- commit eae4a008341149783b540198470f04f85b22730e Author: Shane Lontis <shane.lon...@oracle.com> Date: Tue Jul 7 09:50:34 2020 +1000 Fix CID 1454808: Error handling issues NEGATIVE_RETURNS (PKCS7_dataDecode()) Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12379) commit c8ea9bc6702e30f4efa690906abd14c5eab927cf Author: Shane Lontis <shane.lon...@oracle.com> Date: Tue Jul 7 09:46:37 2020 +1000 Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c) Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12379) commit e2cc68c8fda7792eb2f09ac152dd346bb90ad316 Author: Shane Lontis <shane.lon...@oracle.com> Date: Mon Jul 6 17:35:23 2020 +1000 Fix CID 1465213: Integer handling issues (evp_extra_test.c) Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12379) commit 5999d20ea8ed1c69e89b201fa70a5964ff11665e Author: Shane Lontis <shane.lon...@oracle.com> Date: Mon Jul 6 16:13:48 2020 +1000 Fix CID 1463883 Dereference after null check (in ess_find_cert_v2()) Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12379) commit 821278a885c7c8edb5bca943006df5700257390e Author: Shane Lontis <shane.lon...@oracle.com> Date: Mon Jul 6 14:31:32 2020 +1000 Fix CID 1465214 Resource leak (in file_load.c) Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12379) commit fd7d574dd98761d41d87a777c0b4f044ecc075be Author: Shane Lontis <shane.lon...@oracle.com> Date: Mon Jul 6 14:16:09 2020 +1000 Fix CID 1465215 : Explicit null dereferenced (in test) Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12379) commit 84ba665d72906c36b158071035896f50a9aad808 Author: Shane Lontis <shane.lon...@oracle.com> Date: Mon Jul 6 14:08:58 
2020 +1000 Fix CID #1465216 Resource leak in property_fetch Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com> (Merged from https://github.com/openssl/openssl/pull/12379) ----------------------------------------------------------------------- Summary of changes: crypto/cms/cms_enc.c | 7 ++++++- crypto/ess/ess_lib.c | 4 +++- crypto/pkcs7/pk7_doit.c | 7 +++++-- crypto/property/property.c | 2 +- crypto/store/loader_file.c | 4 +++- test/evp_extra_test.c | 8 ++++---- test/evp_pkey_provided_test.c | 2 ++ 7 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index 3a17a2798b..5f9e2b3a52 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -28,6 +28,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
 unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
 unsigned char *tkey = NULL;
+ int len;
 size_t tkeylen = 0;
 int ok = 0;
@@ -81,7 +82,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
 goto err;
 }
- tkeylen = EVP_CIPHER_CTX_key_length(ctx);
+ len = EVP_CIPHER_CTX_key_length(ctx);
+ if (len <= 0)
+ goto err;
+ tkeylen = (size_t)len;
+
 /* Generate random session key */
 if (!enc || !ec->key) {
 tkey = OPENSSL_malloc(tkeylen);
diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c
index 17f9db98ff..3f418235ad 100644
--- a/crypto/ess/ess_lib.c
+++ b/crypto/ess/ess_lib.c
@@ -339,7 +339,9 @@ int ess_find_cert_v2(const STACK_OF(ESS_CERT_ID_V2) *cert_ids, const X509 *cert)
 const ESS_CERT_ID_V2 *cid = sk_ESS_CERT_ID_V2_value(cert_ids, i);
 const EVP_MD *md;
- if (cid != NULL && cid->hash_alg != NULL)
+ if (cid == NULL)
+ return -1;
+ if (cid->hash_alg != NULL)
 md = EVP_get_digestbyobj(cid->hash_alg->algorithm);
 else
 md = EVP_sha256();
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 3e2065244d..718b6f3899 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
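Review bot: In crypto/cms/cms_enc.c, the new `if (len <= 0) goto err;` in cms_EncryptedContent_init_bio() fails without recording a reason, whereas the branch just above it appears to report CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR before jumping to `err`. The same silent exit is added to PKCS7_dataDecode() in crypto/pkcs7/pk7_doit.c. Unless the `err` label raises something outside the hunk, the caller gets a NULL BIO with an empty error queue, so I would report an error on this path the same way the preceding branch does. A short comment such as `/* a non-positive key length must never reach the size_t conversion */` would also record why the check sits before the cast; the function body starts and ends outside the hunk.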
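Review bot: In crypto/ess/ess_lib.c, `md = EVP_get_digestbyobj(cid->hash_alg->algorithm);` yields NULL when the hash algorithm named in the ESS_CERT_ID_V2 is not recognised, and nothing in the hunk checks `md` before it is used. The use of `md` lies after the hunk, so this may already be handled there; if it is not, `if (md == NULL) return -1;` after the if/else would reject the entry the same way the new `cid == NULL` check does. The loop and the rest of ess_find_cert_v2() are outside the hunk.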
@@ -361,7 +361,7 @@ static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
 /* int */
 BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 {
- int i, j;
+ int i, j, len;
 BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
 X509_ALGOR *xa;
 ASN1_OCTET_STRING *data_body = NULL;
@@ -524,7 +524,10 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
 goto err;
 /* Generate random key as MMA defence */
- tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
+ len = EVP_CIPHER_CTX_key_length(evp_ctx);
+ if (len <= 0)
+ goto err;
+ tkeylen = (size_t)len;
 tkey = OPENSSL_malloc(tkeylen);
 if (tkey == NULL)
 goto err;
diff --git a/crypto/property/property.c b/crypto/property/property.c
index a3b52ee44d..645e361b0a 100644
--- a/crypto/property/property.c
+++ b/crypto/property/property.c
@@ -358,9 +358,9 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid,
 pq = *plp;
 } else {
 p2 = ossl_property_merge(pq, *plp);
+ ossl_property_free(pq);
 if (p2 == NULL)
 goto fin;
- ossl_property_free(pq);
 pq = p2;
 }
 }
diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c
index ed74e55834..9a2ada335d 100644
--- a/crypto/store/loader_file.c
+++ b/crypto/store/loader_file.c
@@ -1545,8 +1545,10 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx,
 } while (matchcount == 0 && !file_eof(ctx) && !file_error(ctx));
 /* We bail out on ambiguity */
- if (matchcount > 1)
+ if (matchcount > 1) {
+ OSSL_STORE_INFO_free(result);
 return NULL;
+ }
 if (result != NULL
 && ctx->expected_type != 0
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 1876bdcf11..f31ba31e09 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -802,7 +802,7 @@ static int test_privatekey_to_pkcs8(void)
 EVP_PKEY *pkey = NULL;
 BIO *membio = NULL;
 char *membuf = NULL;
- size_t membuf_len = 0;
+ long membuf_len = 0;
 int ok = 0;
 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
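Review bot: The comment `/* Generate random key as MMA defence */` in the second crypto/pkcs7/pk7_doit.c hunk never expands the abbreviation, and it now sits above a length check as well as the allocation. I would spell it out, for example `/* Generate a random key as a defence against the million message attack (MMA) on RSA key transport */`, assuming that is the intended meaning here. PKCS7_dataDecode() starts before and continues after the hunk, so how `tkey` is used afterwards is not visible.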
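Review bot: In crypto/property/property.c, once `ossl_property_free(pq);` runs ahead of the NULL check, the `goto fin` path leaves `pq` pointing at freed memory. The code under `fin:` is outside the hunk, so whether it reads or frees `pq` cannot be confirmed from here; adding `pq = NULL;` right after the free removes the dependency on that. A comment like `/* pq is consumed here whether or not the merge succeeded */` would also document the ownership change.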
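Review bot: The comment `/* We bail out on ambiguity */` in file_load() (crypto/store/loader_file.c) does not explain the new cleanup: with `matchcount > 1` a `result` may already have been built, and it belongs to this function until it is returned. I would extend it to something like `/* Ambiguous input (more than one match): free any result already built and bail out */`. file_load() starts before and continues after the hunk.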
@@ -810,9 +810,9 @@ static int test_privatekey_to_pkcs8(void)
 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, NULL, 0, NULL, NULL), 0)
- || !TEST_ptr((membuf_len = (size_t)BIO_get_mem_data(membio, &membuf),
- membuf))
- || !TEST_mem_eq(membuf, membuf_len,
+ || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
+ || !TEST_ptr(membuf)
+ || !TEST_mem_eq(membuf, (size_t)membuf_len,
 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
 /*
 * We try to write PEM as well, just to see that it doesn't err, but
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
index fd3e580d8c..7e063bb77b 100644
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@@ -841,6 +841,8 @@ static int test_fromdata_ecx(int tst)
 size = ED448_KEYLEN;
 alg = "ED448";
 break;
+ default:
+ goto err;
 }
 ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
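Review bot: In test/evp_extra_test.c, `membuf_len` is now a `long` but is checked with `TEST_int_gt`, which compares as `int`, so the value is narrowed for the check and only afterwards cast to `size_t`. Using the long comparison, `|| !TEST_long_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)`, keeps the check in the same type as the declaration changed in the previous hunk. test_privatekey_to_pkcs8() continues outside the hunk.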
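Review bot: The added `default:` arm in test_fromdata_ecx() jumps to `err` without saying which `tst` value was unexpected, so a wrong index shows up only as a bare failure. A line such as `TEST_error("unexpected test index %d", tst);` before the `goto err;` would make that diagnosable. The declarations and the `err:` label are outside the hunk, so it is worth confirming that everything released there is initialised before the switch.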