Hi tech@

Here are some missing checks for NULL after malloc.
I sent these in a bit ago, but I didn't see them picked up.

Regards

Index: src/apps/apps.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/apps/apps.c,v
retrieving revision 1.56
diff -u -p -r1.56 apps.c
--- src/apps/apps.c     30 May 2014 04:59:14 -0000      1.56
+++ src/apps/apps.c     31 May 2014 06:47:13 -0000
@@ -215,6 +215,8 @@ chopup_args(ARGS *arg, char *buf, int *a
        if (arg->count == 0) {
                arg->count = 20;
                arg->data = reallocarray(NULL, arg->count, sizeof(char *));
+               if (arg->data == NULL)
+                       return (0);
        }
        for (i = 0; i < arg->count; i++)
                arg->data[i] = NULL;
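Review bot: On allocation failure the new `return (0);` leaves `arg->count` at 20 while `arg->data` is NULL, because the count is assigned before `reallocarray` is called. A later call with the same `ARGS` would skip the `arg->count == 0` branch, and the loop just below would then store through the NULL pointer. Reset the count in the failure branch, `if (arg->data == NULL) { arg->count = 0; return (0); }`, or assign `arg->count` only once the allocation has succeeded. The rest of chopup_args and its callers are outside the hunk, so whether an `ARGS` is ever reused after a 0 return should be confirmed.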
Index: src/apps/dgst.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/apps/dgst.c,v
retrieving revision 1.34
diff -u -p -r1.34 dgst.c
--- src/apps/dgst.c     23 May 2014 16:10:02 -0000      1.34
+++ src/apps/dgst.c     31 May 2014 06:47:13 -0000
@@ -401,6 +401,11 @@ mac_end:
                sigbio = BIO_new_file(sigfile, "rb");
                siglen = EVP_PKEY_size(sigkey);
                sigbuf = malloc(siglen);
+               if (sigbuf == NULL) {
+                       BIO_printf(bio_err, "Out of memory\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+               }
                if (!sigbio) {
                        BIO_printf(bio_err, "Error opening signature file %s\n",
                            sigfile);
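Review bot: `ERR_print_errors(bio_err);` in the new out-of-memory branch has nothing meaningful to print, since a failed libc `malloc` adds no entry to the libcrypto error queue; it is either silent or prints stale entries from an earlier call. The branch can be reduced to the `BIO_printf` and `goto end;`, and the x509.c hunk adds the same call after `m = malloc(z)`. Separately, `sigbio` is opened two lines above and the new check jumps to `end` before the `!sigbio` test; the `end` label is outside the hunk, so confirm that it releases `sigbio` on this path.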
Index: src/apps/speed.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/apps/speed.c,v
retrieving revision 1.45
diff -u -p -r1.45 speed.c
--- src/apps/speed.c    29 May 2014 21:07:42 -0000      1.45
+++ src/apps/speed.c    31 May 2014 06:47:13 -0000
@@ -2107,6 +2107,10 @@ do_multi(int multi)
        static char sep[] = ":";
 
        fds = reallocarray(NULL, multi, sizeof *fds);
+       if (fds == NULL) {
+               fprintf(stderr, "Out of memory\n");
+               exit(1);
+       }
        for (n = 0; n < multi; ++n) {
                if (pipe(fd) == -1) {
                        fprintf(stderr, "pipe failure\n");
Index: src/apps/x509.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/apps/x509.c,v
retrieving revision 1.44
diff -u -p -r1.44 x509.c
--- src/apps/x509.c     23 May 2014 16:10:02 -0000      1.44
+++ src/apps/x509.c     31 May 2014 06:47:13 -0000
@@ -746,6 +746,11 @@ bad:
 
                                z = i2d_X509(x, NULL);
                                m = malloc(z);
+                               if (m == NULL) {
+                                       BIO_printf(bio_err, "Out of memory\n");
+                                       ERR_print_errors(bio_err);
+                                       goto end;
+                               }
 
                                d = (unsigned char *) m;
                                z = i2d_X509_NAME(X509_get_subject_name(x), &d);
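Review bot: The length `z` returned by `i2d_X509(x, NULL)` still reaches `malloc(z)` without a sign check, and the i2d functions return a negative value when encoding fails. With the new NULL test, a negative `z` converted to a very large size would be reported as "Out of memory" instead of as an encoding error. A guard such as `if (z < 0) goto end;` before the allocation, with its own message, keeps the two failures apart. Both bio_ndef.c hunks have the same shape, with `derlen` from `ASN1_item_ndef_i2d` passed straight to `malloc(derlen)`. The declarations of `z` and `derlen` are outside the hunks, so the exact conversion depends on their types.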
Index: src/crypto/asn1/bio_ndef.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/crypto/asn1/bio_ndef.c,v
retrieving revision 1.7
diff -u -p -r1.7 bio_ndef.c
--- src/crypto/asn1/bio_ndef.c  30 May 2014 02:52:11 -0000      1.7
+++ src/crypto/asn1/bio_ndef.c  31 May 2014 06:47:14 -0000
@@ -164,6 +164,8 @@ ndef_prefix(BIO *b, unsigned char **pbuf
 
        derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
        p = malloc(derlen);
+       if (p == NULL)
+               return (0);
        ndef_aux->derbuf = p;
        *pbuf = p;
        derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
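Review bot: The new `return (0);` in ndef_prefix signals the allocation failure only through the return value and records nothing on the library error queue, so a caller that prints the queue gets no cause for the failure. The same bare return is added in ndef_suffix and in kek_unwrap_key in cms_pwri.c. Consider recording `ERR_R_MALLOC_FAILURE` with the module's usual error macro before returning, or, if the silent return is intended, adding a comment such as `/* allocation failed; 0 is the error return */`. That 0 is the error return for these functions is assumed from the patch; their remaining bodies and callers are outside the hunks.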
@@ -231,6 +233,8 @@ ndef_suffix(BIO *b, unsigned char **pbuf
 
        derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
        p = malloc(derlen);
+       if (p == NULL)
+               return (0);
        ndef_aux->derbuf = p;
        *pbuf = p;
        derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
Index: src/crypto/cms/cms_pwri.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/crypto/cms/cms_pwri.c,v
retrieving revision 1.4
diff -u -p -r1.4 cms_pwri.c
--- src/crypto/cms/cms_pwri.c   24 May 2014 15:55:21 -0000      1.4
+++ src/crypto/cms/cms_pwri.c   31 May 2014 06:47:18 -0000
@@ -231,6 +231,8 @@ kek_unwrap_key(unsigned char *out, size_
                return 0;
        }
        tmp = malloc(inlen);
+       if (tmp == NULL)
+               return (0);
        /* setup IV by decrypting last two blocks */
        EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
            in  + inlen - 2 * blocklen, blocklen * 2);
