Module Name: src Committed By: agc Date: Wed Oct 7 16:19:52 UTC 2009
Modified Files: src/crypto/external/bsd/netpgp/dist/src/lib: create.c crypto.h misc.c openssl_crypto.c packet-parse.c reader.c signature.c validate.c writer.c Log Message: More checking of allocation return values where not already done. Revamp hash initialisation to return a success/failure error code. Document places where we prefer to continue with a NULL buffer, rather than silently continue with possibly erroneous results. To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 \ src/crypto/external/bsd/netpgp/dist/src/lib/create.c \ src/crypto/external/bsd/netpgp/dist/src/lib/signature.c \ src/crypto/external/bsd/netpgp/dist/src/lib/validate.c cvs rdiff -u -r1.10 -r1.11 \ src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/netpgp/dist/src/lib/misc.c cvs rdiff -u -r1.16 -r1.17 \ src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c cvs rdiff -u -r1.24 -r1.25 \ src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c \ src/crypto/external/bsd/netpgp/dist/src/lib/reader.c cvs rdiff -u -r1.14 -r1.15 \ src/crypto/external/bsd/netpgp/dist/src/lib/writer.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/external/bsd/netpgp/dist/src/lib/create.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.20 src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.21 --- src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.20 Tue Oct 6 02:26:05 2009 +++ src/crypto/external/bsd/netpgp/dist/src/lib/create.c Wed Oct 7 16:19:51 2009 @@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: create.c,v 1.20 2009/10/06 02:26:05 agc Exp $"); +__RCSID("$NetBSD: create.c,v 1.21 2009/10/07 16:19:51 agc Exp $"); #endif #include <sys/types.h> @@ -371,7 +371,10 @@ size = MIN(needed, OPS_SHA1_HASH_SIZE); __ops_hash_any(&hash, key->hash_alg); - hash.init(&hash); + if (!hash.init(&hash)) { + (void) fprintf(stderr, "write_seckey_body: bad alloc\n"); + return 0; + } /* preload if iterating */ for (j = 0; j < i; j++) { Index: src/crypto/external/bsd/netpgp/dist/src/lib/signature.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.20 src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.21 --- src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.20 Wed Oct 7 04:18:47 2009 +++ src/crypto/external/bsd/netpgp/dist/src/lib/signature.c Wed Oct 7 16:19:51 2009 @@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: signature.c,v 1.20 2009/10/07 04:18:47 agc Exp $"); +__RCSID("$NetBSD: signature.c,v 1.21 2009/10/07 16:19:51 agc Exp $"); #endif #include <sys/types.h> 
@@ -378,7 +378,12 @@ initialise_hash(__ops_hash_t *hash, const __ops_sig_t *sig) { __ops_hash_any(hash, sig->info.hash_alg); - hash->init(hash); + if (!hash->init(hash)) { + (void) fprintf(stderr, + "initialise_hash: bad hash init\n"); + /* just continue and die */ + /* XXX - agc - no way to return failure */ + } } static void Index: src/crypto/external/bsd/netpgp/dist/src/lib/validate.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/validate.c:1.20 src/crypto/external/bsd/netpgp/dist/src/lib/validate.c:1.21 --- src/crypto/external/bsd/netpgp/dist/src/lib/validate.c:1.20 Wed Oct 7 04:18:47 2009 +++ src/crypto/external/bsd/netpgp/dist/src/lib/validate.c Wed Oct 7 16:19:51 2009 @@ -54,7 +54,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: validate.c,v 1.20 2009/10/07 04:18:47 agc Exp $"); +__RCSID("$NetBSD: validate.c,v 1.21 2009/10/07 16:19:51 agc Exp $"); #endif #include <sys/types.h> @@ -104,7 +104,10 @@ __OPS_USED(signer); __ops_hash_any(&hash, sig->info.hash_alg); - hash.init(&hash); + if (!hash.init(&hash)) { + (void) fprintf(stderr, "check_binary_sig: bad hash init\n"); + return 0; + } hash.add(&hash, data, len); switch (sig->info.version) { case OPS_V3: Index: src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h diff -u src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h:1.10 src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h:1.11 --- src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h:1.10 Sat Jun 13 05:25:08 2009 +++ src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h Wed Oct 7 16:19:51 2009 
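Review bot: In the signature.c hunk, initialise_hash logs the failed init and then returns normally, so its caller goes on to call hash->add on a hash whose context pointer was never allocated; the "no way to return failure" comment undersells the options, because initialise_hash is file-local (its return-type line sits just above the hunk) and can be changed to `static int initialise_hash(__ops_hash_t *hash, const __ops_sig_t *sig)` with `return 0;` in the failing branch and `return 1;` at the end, its callers in signature.c then bailing out the way check_binary_sig does. The validate.c hunk is the right shape for a verifier: `return 0;` on a failed init fails closed rather than reporting a signature as checked. If the callers of initialise_hash cannot be changed in this commit, the comment should at least say that the NULL context is dereferenced on the first hash->add, so the eventual crash can be traced back to this stderr line.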
@@ -61,7 +61,7 @@ #define OPS_MIN_HASH_SIZE 16 -typedef void __ops_hash_init_t(__ops_hash_t *); +typedef int __ops_hash_init_t(__ops_hash_t *); typedef void __ops_hash_add_t(__ops_hash_t *, const unsigned char *, unsigned); typedef unsigned __ops_hash_finish_t(__ops_hash_t *, unsigned char *); Index: src/crypto/external/bsd/netpgp/dist/src/lib/misc.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/misc.c:1.21 src/crypto/external/bsd/netpgp/dist/src/lib/misc.c:1.22 --- src/crypto/external/bsd/netpgp/dist/src/lib/misc.c:1.21 Tue Oct 6 02:39:53 2009 +++ src/crypto/external/bsd/netpgp/dist/src/lib/misc.c Wed Oct 7 16:19:51 2009 @@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: misc.c,v 1.21 2009/10/06 02:39:53 agc Exp $"); +__RCSID("$NetBSD: misc.c,v 1.22 2009/10/07 16:19:51 agc Exp $"); #endif #include <sys/types.h> @@ -439,7 +439,11 @@ } __ops_hash_md5(&md5); - md5.init(&md5); + if (!md5.init(&md5)) { + (void) fprintf(stderr, + "__ops_fingerprint: bad md5 alloc\n"); + return; + } n = (size_t) BN_num_bytes(key->key.rsa.n); if ((bn = calloc(1, n)) == NULL) { @@ -474,7 +478,11 @@ fprintf(stderr, "-> creating key fingerprint\n"); } __ops_hash_sha1(&sha1); - sha1.init(&sha1); + if (!sha1.init(&sha1)) { + (void) fprintf(stderr, + "__ops_fingerprint: bad sha1 alloc\n"); + return; + } len = __ops_mem_len(mem); @@ -669,7 +677,11 @@ __ops_hash_t hash; __ops_hash_any(&hash, alg); - hash.init(&hash); + if (!hash.init(&hash)) { + (void) fprintf(stderr, "__ops_hash: bad alloc\n"); + /* we'll just continue here - don't want to return a 0 hash */ + /* XXX - agc - no way to return failure */ + } hash.add(&hash, in, length); return hash.finish(&hash, out); } 
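Review bot: The new `int` return of `__ops_hash_init_t` in crypto.h is not documented, and every call site in this commit has to guess its convention; add `/* returns 1 on success, 0 if the hash context could not be allocated */` above the typedef. In the misc.c `__ops_hash` hunk the failed init is logged but `hash.add` and `hash.finish` still run with a NULL context, which the backend presumably dereferences (not visible here); since `__ops_hash` already returns the length produced by `finish`, `return 0;` would be a checkable failure signal if its callers treat a zero length as an error, and the "don't want to return a 0 hash" comment should say why that is not safe for them. The two `__ops_fingerprint` hunks return early from a void function, so the fingerprint output is left in whatever state it had before the call and the caller cannot tell that no fingerprint was produced.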
@@ -708,7 +720,11 @@ } /* init */ __ops_hash_any(&hash, OPS_HASH_SHA1); - hash.init(&hash); + if (!hash.init(&hash)) { + (void) fprintf(stderr, "__ops_calc_mdc_hash: bad alloc\n"); + /* we'll just continue here - it will die anyway */ + /* agc - XXX - no way to return failure */ + } /* preamble */ hash.add(&hash, preamble, sz_preamble); @@ -771,16 +787,25 @@ void __ops_memory_init(__ops_memory_t *mem, size_t needed) { + unsigned char *temp; + mem->length = 0; if (mem->buf) { if (mem->allocated < needed) { - mem->buf = realloc(mem->buf, needed); + if ((temp = realloc(mem->buf, needed)) == NULL) { + (void) fprintf(stderr, "__ops_memory_init: bad alloc\n"); + } else { + mem->buf = temp; + mem->allocated = needed; + } + } + } else { + if ((mem->buf = calloc(1, needed)) == NULL) { + (void) fprintf(stderr, "__ops_memory_init: bad alloc\n"); + } else { mem->allocated = needed; } - return; } - mem->buf = calloc(1, needed); - mem->allocated = needed; } /** @@ -1100,9 +1125,13 @@ void __ops_reader_push_sum16(__ops_stream_t *stream) { - sum16_t *arg = calloc(1, sizeof(*arg)); + sum16_t *arg; - __ops_reader_push(stream, sum16_reader, sum16_destroyer, arg); + if ((arg = calloc(1, sizeof(*arg))) == NULL) { + (void) fprintf(stderr, "__ops_reader_push_sum16: bad alloc\n"); + } else { + __ops_reader_push(stream, sum16_reader, sum16_destroyer, arg); + } } /** Index: src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.16 src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.17 --- src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.16 Tue Oct 6 03:30:59 2009 +++ src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c Wed Oct 7 16:19:51 2009 
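Review bot: `__ops_memory_init` is void, so after a failed realloc or calloc the only trace is the stderr line; `mem->allocated` is correctly left at its old value, but a caller that goes on to write `needed` bytes into `mem->buf` gets no signal. Document the contract on the function, e.g. `/* On allocation failure mem->buf and mem->allocated are left unchanged; callers must check mem->allocated >= needed before writing. */`, or better make it return an int. In `__ops_reader_push_sum16` a failed calloc silently leaves the checksum reader off the stream, so whatever later consumes the sum16 result (outside this hunk) sees no checksum rather than an error, which also deserves a signal to the caller. Note too that `calloc(1, 0)` may legitimately return NULL, so a `needed` of 0 would log a spurious "bad alloc" in `__ops_memory_init`.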
@@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: openssl_crypto.c,v 1.16 2009/10/06 03:30:59 agc Exp $"); +__RCSID("$NetBSD: openssl_crypto.c,v 1.17 2009/10/07 16:19:51 agc Exp $"); #endif #ifdef HAVE_OPENSSL_DSA_H @@ -102,14 +102,18 @@ RSA_free(test); } -static void +static int md5_init(__ops_hash_t *hash) { if (hash->data) { (void) fprintf(stderr, "md5_init: hash data non-null\n"); } - hash->data = calloc(1, sizeof(MD5_CTX)); + if ((hash->data = calloc(1, sizeof(MD5_CTX))) == NULL) { + (void) fprintf(stderr, "md5_init: bad alloc\n"); + return 0; + } MD5_Init(hash->data); + return 1; } static void @@ -148,7 +152,7 @@ *hash = md5; } -static void +static int sha1_init(__ops_hash_t *hash) { if (__ops_get_debug_level(__FILE__)) { @@ -157,8 +161,12 @@ if (hash->data) { (void) fprintf(stderr, "sha1_init: hash data non-null\n"); } - hash->data = calloc(1, sizeof(SHA_CTX)); + if ((hash->data = calloc(1, sizeof(SHA_CTX))) == NULL) { + (void) fprintf(stderr, "sha1_init: bad alloc\n"); + return 0; + } SHA1_Init(hash->data); + return 1; } static void @@ -219,7 +227,7 @@ *hash = sha1; } -static void +static int sha256_init(__ops_hash_t *hash) { if (__ops_get_debug_level(__FILE__)) { @@ -228,8 +236,12 @@ if (hash->data) { (void) fprintf(stderr, "sha256_init: hash data non-null\n"); } - hash->data = calloc(1, sizeof(SHA256_CTX)); + if ((hash->data = calloc(1, sizeof(SHA256_CTX))) == NULL) { + (void) fprintf(stderr, "sha256_init: bad alloc\n"); + return 0; + } SHA256_Init(hash->data); + return 1; } static void @@ -287,7 +299,7 @@ /* * SHA384 */ -static void +static int sha384_init(__ops_hash_t *hash) { if (__ops_get_debug_level(__FILE__)) { 
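Review bot: In `md5_init`, and in the same shape in `sha1_init`, `sha256_init` below and the `sha384_init`/`sha512_init`/`sha224_init` hunks that follow, the `if (hash->data)` branch only prints a warning and the new calloc then overwrites the pointer, so an already-allocated context is leaked on a double init; now that the function can report failure, `return 0;` inside that branch (or freeing the old context first) would be the consistent treatment. The OpenSSL `MD5_Init`/`SHA*_Init` calls return an int that is still ignored, so the new `return 1;` is unconditional; `return MD5_Init(hash->data);` would propagate it, although the freshly allocated context would then need releasing on that path. The `static int` bodies here carry no comment stating the 1/0 convention; a one-line `/* 1 on success, 0 if the context could not be allocated */` on each would save readers a trip to crypto.h.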
@@ -296,8 +308,12 @@ if (hash->data) { (void) fprintf(stderr, "sha384_init: hash data non-null\n"); } - hash->data = calloc(1, sizeof(SHA512_CTX)); + if ((hash->data = calloc(1, sizeof(SHA512_CTX))) == NULL) { + (void) fprintf(stderr, "sha512_init: bad alloc\n"); + return 0; + } SHA384_Init(hash->data); + return 1; } static void @@ -355,7 +371,7 @@ /* * SHA512 */ -static void +static int sha512_init(__ops_hash_t *hash) { if (__ops_get_debug_level(__FILE__)) { @@ -364,8 +380,12 @@ if (hash->data) { (void) fprintf(stderr, "sha512_init: hash data non-null\n"); } - hash->data = calloc(1, sizeof(SHA512_CTX)); + if ((hash->data = calloc(1, sizeof(SHA512_CTX))) == NULL) { + (void) fprintf(stderr, "sha512_init: bad alloc\n"); + return 0; + } SHA512_Init(hash->data); + return 1; } static void @@ -424,7 +444,7 @@ * SHA224 */ -static void +static int sha224_init(__ops_hash_t *hash) { if (__ops_get_debug_level(__FILE__)) { @@ -433,8 +453,12 @@ if (hash->data) { (void) fprintf(stderr, "sha224_init: hash data non-null\n"); } - hash->data = calloc(1, sizeof(SHA256_CTX)); + if ((hash->data = calloc(1, sizeof(SHA256_CTX))) == NULL) { + (void) fprintf(stderr, "sha256_init: bad alloc\n"); + return 0; + } SHA224_Init(hash->data); + return 1; } static void Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.24 src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.25 --- src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.24 Tue Oct 6 05:54:24 2009 +++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c Wed Oct 7 16:19:51 2009 @@ -58,7 +58,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: packet-parse.c,v 1.24 2009/10/06 05:54:24 agc Exp $"); +__RCSID("$NetBSD: packet-parse.c,v 1.25 2009/10/07 16:19:51 agc Exp $"); #endif #ifdef HAVE_OPENSSL_CAST_H 
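Review bot: The diagnostic in `sha384_init` names the wrong function, `"sha512_init: bad alloc\n"`, and `sha224_init` prints `"sha256_init: bad alloc\n"`; the other `*_init` functions use their own name, so these should read `"sha384_init: bad alloc\n"` and `"sha224_init: bad alloc\n"`. The name matters here because this message is the only record of which hash failed when the caller then "continues and dies". The allocation sizes themselves look right: SHA384 uses a SHA512_CTX and SHA224 a SHA256_CTX in OpenSSL, which is probably what made the copy-paste easy to miss.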
@@ -2237,7 +2237,11 @@ hash = &stream->hashes[stream->hashc++]; __ops_hash_any(&hash->hash, type); - hash->hash.init(&hash->hash); + if (!hash->hash.init(&hash->hash)) { + (void) fprintf(stderr, "parse_hash_init: bad alloc\n"); + /* just continue and die here */ + /* XXX - agc - no way to return failure */ + } (void) memcpy(hash->keyid, keyid, sizeof(hash->keyid)); } @@ -2573,7 +2577,11 @@ __ops_hash_any(&hashes[n], pkt.u.seckey.hash_alg); - hashes[n].init(&hashes[n]); + if (!hashes[n].init(&hashes[n])) { + (void) fprintf(stderr, + "parse_seckey: bad alloc\n"); + return 0; + } /* preload hashes with zeroes... */ for (i = 0; i < n; ++i) { hashes[n].add(&hashes[n], Index: src/crypto/external/bsd/netpgp/dist/src/lib/reader.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.24 src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.25 --- src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.24 Wed Oct 7 04:56:51 2009 +++ src/crypto/external/bsd/netpgp/dist/src/lib/reader.c Wed Oct 7 16:19:51 2009 @@ -54,7 +54,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: reader.c,v 1.24 2009/10/07 04:56:51 agc Exp $"); +__RCSID("$NetBSD: reader.c,v 1.25 2009/10/07 16:19:51 agc Exp $"); #endif #include <sys/types.h> @@ -593,7 +593,11 @@ __ops_hash_md5(hash); } - hash->init(hash); + if (!hash->init(hash)) { + OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, + "can't initialise hash"); + return -1; + } body->length = 0; total = 0; @@ -1587,7 +1591,11 @@ size_t sz_plaintext; __ops_hash_any(&hash, OPS_HASH_SHA1); - hash.init(&hash); + if (!hash.init(&hash)) { + (void) fprintf(stderr, + "se_ip_data_reader: can't init hash\n"); + return -1; + } __ops_init_subregion(&decrypted_region, NULL); decrypted_region.length = 
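Review bot: In `parse_hash_init`, `stream->hashc` has already been incremented on the line above when `init` fails, so an entry with a NULL context stays counted in `stream->hashes` and the `memcpy` of the keyid still runs; anything that later walks the array will hit it far from this log line. If the function is void (its signature is outside the hunk), `stream->hashc--;` before the memcpy keeps the table consistent, and the "just continue and die" comment should name where the NULL context is dereferenced. In `parse_seckey`, the `return 0;` on a failed init of `hashes[n]` appears to leave contexts initialised for earlier entries of `hashes` unreleased, if earlier iterations allocated them — the surrounding loop is outside the hunk, so confirm whether a cleanup path exists. The reader.c hunk's `OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, "can't initialise hash")` followed by `return -1` is the better pattern for a library than the bare `fprintf(stderr, ...)` used in the other hunks of this commit.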
@@ -2307,7 +2315,11 @@ void __ops_reader_push_hash(__ops_stream_t *stream, __ops_hash_t *hash) { - hash->init(hash); + if (!hash->init(hash)) { + (void) fprintf(stderr, "__ops_reader_push_hash: can't init hash\n"); + /* just continue and die */ + /* XXX - agc - no way to return failure */ + } __ops_reader_push(stream, hash_reader, NULL, hash); } Index: src/crypto/external/bsd/netpgp/dist/src/lib/writer.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/writer.c:1.14 src/crypto/external/bsd/netpgp/dist/src/lib/writer.c:1.15 --- src/crypto/external/bsd/netpgp/dist/src/lib/writer.c:1.14 Wed Oct 7 04:18:47 2009 +++ src/crypto/external/bsd/netpgp/dist/src/lib/writer.c Wed Oct 7 16:19:51 2009 @@ -58,7 +58,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: writer.c,v 1.14 2009/10/07 04:18:47 agc Exp $"); +__RCSID("$NetBSD: writer.c,v 1.15 2009/10/07 16:19:51 agc Exp $"); #endif #include <sys/types.h> @@ -1375,7 +1375,12 @@ sum->hashed = seckey->checkhash; /* init the hash */ __ops_hash_any(&sum->hash, sum->hash_alg); - sum->hash.init(&sum->hash); + if (!sum->hash.init(&sum->hash)) { + (void) fprintf(stderr, + "__ops_push_checksum_writer: bad hash init\n"); + /* just continue and die */ + /* XXX - agc - no way to return failure */ + } __ops_writer_push(output, skey_checksum_writer, skey_checksum_finaliser, skey_checksum_destroyer, sum); } @@ -1629,7 +1634,12 @@ preamble[blocksize] = preamble[blocksize - 2]; preamble[blocksize + 1] = preamble[blocksize - 1]; __ops_hash_any(&se_ip->hash, OPS_HASH_SHA1); - se_ip->hash.init(&se_ip->hash); + if (!se_ip->hash.init(&se_ip->hash)) { + free(preamble); + (void) fprintf(stderr, + "stream_write_se_ip_first: bad hash init\n"); + return 0; + } __ops_write(output, preamble, sz_preamble); se_ip->hash.add(&se_ip->hash, preamble, sz_preamble); __ops_write(output, data, sz_pd - sz_preamble - 1);
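Review bot: `__ops_reader_push_hash` and `__ops_push_checksum_writer` both push the hash onto the stream after a failed init, so the NULL context travels into `hash_reader`/`skey_checksum_writer` and the failure presumably surfaces on the first add, well away from this log line; the `/* just continue and die */` comment should say so explicitly, e.g. `/* hash->data is NULL here; the first hash->add() on it will fault */`, so that a crash can be traced back to the stderr message. For `__ops_push_checksum_writer`, the `sum` object filled in just above the hunk is handed to the writer regardless, so if a failure return is ever added it must also release `sum`. `stream_write_se_ip_first` is the model to follow: it frees `preamble` before returning 0.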