The branch master has been updated
via eae4a008341149783b540198470f04f85b22730e (commit)
via c8ea9bc6702e30f4efa690906abd14c5eab927cf (commit)
via e2cc68c8fda7792eb2f09ac152dd346bb90ad316 (commit)
via 5999d20ea8ed1c69e89b201fa70a5964ff11665e (commit)
via 821278a885c7c8edb5bca943006df5700257390e (commit)
via fd7d574dd98761d41d87a777c0b4f044ecc075be (commit)
via 84ba665d72906c36b158071035896f50a9aad808 (commit)
from 2f1d0b35c12f50e971ef626ff9bbf35a53f9a66d (commit)
- Log -----------------------------------------------------------------
commit eae4a008341149783b540198470f04f85b22730e
Author: Shane Lontis <shane.lon...@oracle.com>
Date: Tue Jul 7 09:50:34 2020 +1000
Fix CID 1454808: Error handling issues NEGATIVE_RETURNS
(PKCS7_dataDecode())
Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)
commit c8ea9bc6702e30f4efa690906abd14c5eab927cf
Author: Shane Lontis <shane.lon...@oracle.com>
Date: Tue Jul 7 09:46:37 2020 +1000
Fix CID 1454806: NEGATIVE_RETURNS (cms_enc.c)
Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)
commit e2cc68c8fda7792eb2f09ac152dd346bb90ad316
Author: Shane Lontis <shane.lon...@oracle.com>
Date: Mon Jul 6 17:35:23 2020 +1000
Fix CID 1465213: Integer handling issues (evp_extra_test.c)
Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)
commit 5999d20ea8ed1c69e89b201fa70a5964ff11665e
Author: Shane Lontis <shane.lon...@oracle.com>
Date: Mon Jul 6 16:13:48 2020 +1000
Fix CID 1463883 Dereference after null check (in ess_find_cert_v2())
Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)
commit 821278a885c7c8edb5bca943006df5700257390e
Author: Shane Lontis <shane.lon...@oracle.com>
Date: Mon Jul 6 14:31:32 2020 +1000
Fix CID 1465214 Resource leak (in file_load.c)
Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)
commit fd7d574dd98761d41d87a777c0b4f044ecc075be
Author: Shane Lontis <shane.lon...@oracle.com>
Date: Mon Jul 6 14:16:09 2020 +1000
Fix CID 1465215 : Explicit null dereferenced (in test)
Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)
commit 84ba665d72906c36b158071035896f50a9aad808
Author: Shane Lontis <shane.lon...@oracle.com>
Date: Mon Jul 6 14:08:58 2020 +1000
Fix CID #1465216 Resource leak in property_fetch
Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12379)
-----------------------------------------------------------------------
Summary of changes:
crypto/cms/cms_enc.c | 7 ++++++-
crypto/ess/ess_lib.c | 4 +++-
crypto/pkcs7/pk7_doit.c | 7 +++++--
crypto/property/property.c | 2 +-
crypto/store/loader_file.c | 4 +++-
test/evp_extra_test.c | 8 ++++----
test/evp_pkey_provided_test.c | 2 ++
7 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index 3a17a2798b..5f9e2b3a52 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -28,6 +28,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo
*ec)
X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
unsigned char *tkey = NULL;
+ int len;
size_t tkeylen = 0;
int ok = 0;
@@ -81,7 +82,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo
*ec)
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
}
- tkeylen = EVP_CIPHER_CTX_key_length(ctx);
+ len = EVP_CIPHER_CTX_key_length(ctx);
+ if (len <= 0)
+ goto err;
+ tkeylen = (size_t)len;
+
/* Generate random session key */
if (!enc || !ec->key) {
tkey = OPENSSL_malloc(tkeylen);
diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c
index 17f9db98ff..3f418235ad 100644
--- a/crypto/ess/ess_lib.c
+++ b/crypto/ess/ess_lib.c
@@ -339,7 +339,9 @@ int ess_find_cert_v2(const STACK_OF(ESS_CERT_ID_V2)
*cert_ids, const X509 *cert)
const ESS_CERT_ID_V2 *cid = sk_ESS_CERT_ID_V2_value(cert_ids, i);
const EVP_MD *md;
- if (cid != NULL && cid->hash_alg != NULL)
+ if (cid == NULL)
+ return -1;
+ if (cid->hash_alg != NULL)
md = EVP_get_digestbyobj(cid->hash_alg->algorithm);
else
md = EVP_sha256();
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 3e2065244d..718b6f3899 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -361,7 +361,7 @@ static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
/* int */
BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
{
- int i, j;
+ int i, j, len;
BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
X509_ALGOR *xa;
ASN1_OCTET_STRING *data_body = NULL;
@@ -524,7 +524,10 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO
*in_bio, X509 *pcert)
if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
goto err;
/* Generate random key as MMA defence */
- tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
+ len = EVP_CIPHER_CTX_key_length(evp_ctx);
+ if (len <= 0)
+ goto err;
+ tkeylen = (size_t)len;
tkey = OPENSSL_malloc(tkeylen);
if (tkey == NULL)
goto err;
diff --git a/crypto/property/property.c b/crypto/property/property.c
index a3b52ee44d..645e361b0a 100644
--- a/crypto/property/property.c
+++ b/crypto/property/property.c
@@ -358,9 +358,9 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int
nid,
pq = *plp;
} else {
p2 = ossl_property_merge(pq, *plp);
+ ossl_property_free(pq);
if (p2 == NULL)
goto fin;
- ossl_property_free(pq);
pq = p2;
}
}
diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c
index ed74e55834..9a2ada335d 100644
--- a/crypto/store/loader_file.c
+++ b/crypto/store/loader_file.c
@@ -1545,8 +1545,10 @@ static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX
*ctx,
} while (matchcount == 0 && !file_eof(ctx) && !file_error(ctx));
/* We bail out on ambiguity */
- if (matchcount > 1)
+ if (matchcount > 1) {
+ OSSL_STORE_INFO_free(result);
return NULL;
+ }
if (result != NULL
&& ctx->expected_type != 0
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 1876bdcf11..f31ba31e09 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -802,7 +802,7 @@ static int test_privatekey_to_pkcs8(void)
EVP_PKEY *pkey = NULL;
BIO *membio = NULL;
char *membuf = NULL;
- size_t membuf_len = 0;
+ long membuf_len = 0;
int ok = 0;
if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
@@ -810,9 +810,9 @@ static int test_privatekey_to_pkcs8(void)
|| !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
NULL, 0, NULL, NULL),
0)
- || !TEST_ptr((membuf_len = (size_t)BIO_get_mem_data(membio, &membuf),
- membuf))
- || !TEST_mem_eq(membuf, membuf_len,
+ || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
+ || !TEST_ptr(membuf)
+ || !TEST_mem_eq(membuf, (size_t)membuf_len,
kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
/*
* We try to write PEM as well, just to see that it doesn't err, but
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
index fd3e580d8c..7e063bb77b 100644
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@@ -841,6 +841,8 @@ static int test_fromdata_ecx(int tst)
size = ED448_KEYLEN;
alg = "ED448";
break;
+ default:
+ goto err;
}
ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
