diff options
Diffstat (limited to 'openssl/apps')
| -rw-r--r-- | openssl/apps/apps.c | 13 | ||||
| -rw-r--r-- | openssl/apps/ca.c | 21 | ||||
| -rw-r--r-- | openssl/apps/cms.c | 4 | ||||
| -rw-r--r-- | openssl/apps/dgst.c | 15 | ||||
| -rw-r--r-- | openssl/apps/openssl.c | 8 | ||||
| -rw-r--r-- | openssl/apps/pkcs7.c | 10 | ||||
| -rw-r--r-- | openssl/apps/rsautl.c | 5 | ||||
| -rw-r--r-- | openssl/apps/s_cb.c | 5 | ||||
| -rw-r--r-- | openssl/apps/s_client.c | 11 | ||||
| -rw-r--r-- | openssl/apps/s_server.c | 36 | ||||
| -rw-r--r-- | openssl/apps/s_time.c | 7 | ||||
| -rw-r--r-- | openssl/apps/speed.c | 12 | ||||
| -rw-r--r-- | openssl/apps/srp.c | 8 | ||||
| -rw-r--r-- | openssl/apps/x509.c | 5 |
14 files changed, 121 insertions, 39 deletions
diff --git a/openssl/apps/apps.c b/openssl/apps/apps.c index e6bb48f08..b0acbc7c1 100644 --- a/openssl/apps/apps.c +++ b/openssl/apps/apps.c @@ -574,6 +574,11 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) char *prompt = NULL; prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); + if(!prompt) { + BIO_printf(bio_err, "Out of memory\n"); + UI_free(ui); + return 0; + } ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD; UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); @@ -583,6 +588,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) PW_MIN_LENGTH, bufsiz - 1); if (ok >= 0 && verify) { buff = (char *)OPENSSL_malloc(bufsiz); + if(!buff) { + BIO_printf(bio_err, "Out of memory\n"); + UI_free(ui); + OPENSSL_free(prompt); + return 0; + } ok = UI_add_verify_string(ui, prompt, ui_flags, buff, PW_MIN_LENGTH, bufsiz - 1, buf); } @@ -2775,7 +2786,7 @@ void print_cert_checks(BIO *bio, X509 *x, return; if (checkhost) { BIO_printf(bio, "Hostname %s does%s match certificate\n", - checkhost, X509_check_host(x, checkhost, 0, 0, NULL) + checkhost, X509_check_host(x, checkhost, 0, 0, NULL) == 1 ? "" : " NOT"); } diff --git a/openssl/apps/ca.c b/openssl/apps/ca.c index f0a19cf11..d64ec4f14 100644 --- a/openssl/apps/ca.c +++ b/openssl/apps/ca.c @@ -563,10 +563,18 @@ int MAIN(int argc, char **argv) #ifdef OPENSSL_SYS_VMS len = strlen(s) + sizeof(CONFIG_FILE); tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } strcpy(tofree, s); #else len = strlen(s) + sizeof(CONFIG_FILE) + 1; tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } BUF_strlcpy(tofree, s, len); BUF_strlcat(tofree, "/", len); #endif @@ -2813,6 +2821,11 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME *comp_time = NULL; tmp = BUF_strdup(str); + if(!tmp) { + BIO_printf(bio_err, "memory allocation failure\n"); + goto err; + } + p = strchr(tmp, ','); rtime_str = tmp; @@ -2830,6 +2843,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, if (prevtm) { *prevtm = ASN1_UTCTIME_new(); + if(!*prevtm) { + BIO_printf(bio_err, "memory allocation failure\n"); + goto err; + } if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) { BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str); goto err; @@ -2870,6 +2887,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, goto err; } comp_time = ASN1_GENERALIZEDTIME_new(); + if(!comp_time) { + BIO_printf(bio_err, "memory allocation failure\n"); + goto err; + } if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) { BIO_printf(bio_err, "invalid compromised time %s\n", arg_str); goto err; diff --git a/openssl/apps/cms.c b/openssl/apps/cms.c index 2c8ada60b..2c922537c 100644 --- a/openssl/apps/cms.c +++ b/openssl/apps/cms.c @@ -463,6 +463,10 @@ int MAIN(int argc, char **argv) if (key_param == NULL || key_param->idx != keyidx) { cms_key_param *nparam; nparam = OPENSSL_malloc(sizeof(cms_key_param)); + if(!nparam) { + BIO_printf(bio_err, "Out of memory\n"); + goto argerr; + } nparam->idx = keyidx; nparam->param = sk_OPENSSL_STRING_new_null(); nparam->next = NULL; diff --git a/openssl/apps/dgst.c b/openssl/apps/dgst.c index adb7a060a..95e5fa3fc 100644 --- a/openssl/apps/dgst.c +++ b/openssl/apps/dgst.c @@ -293,6 +293,11 @@ int MAIN(int argc, char **argv) in = BIO_new(BIO_s_file()); bmd = BIO_new(BIO_f_md()); + if ((in == NULL) || (bmd == NULL)) { + ERR_print_errors(bio_err); + goto end; + } + if (debug) { BIO_set_callback(in, BIO_debug_callback); /* needed for windows 3.1 */ @@ -304,11 +309,6 @@ int MAIN(int argc, char **argv) goto end; } - if ((in == NULL) || (bmd == NULL)) { - ERR_print_errors(bio_err); - goto end; - } - if (out_bin == -1) { if (keyfile) out_bin = 1; @@ -460,6 +460,11 @@ int MAIN(int argc, char **argv) ERR_print_errors(bio_err); goto end; } + if (!sigbuf) { + BIO_printf(bio_err, "Out of memory\n"); + ERR_print_errors(bio_err); + goto end; + } siglen = BIO_read(sigbio, sigbuf, siglen); BIO_free(sigbio); if (siglen <= 0) { diff --git a/openssl/apps/openssl.c b/openssl/apps/openssl.c index 112ed7e60..687314522 100644 --- a/openssl/apps/openssl.c +++ b/openssl/apps/openssl.c @@ -428,10 +428,6 @@ int main(int Argc, char *ARGV[]) if (arg.data != NULL) OPENSSL_free(arg.data); - if (bio_err != NULL) { - BIO_free(bio_err); - bio_err = NULL; - } #if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) /* Free any duplicate Argv[] storage. */ if (free_Argv) { @@ -440,6 +436,10 @@ int main(int Argc, char *ARGV[]) #endif apps_shutdown(); CRYPTO_mem_leaks(bio_err); + if (bio_err != NULL) { + BIO_free(bio_err); + bio_err = NULL; + } OPENSSL_EXIT(ret); } diff --git a/openssl/apps/pkcs7.c b/openssl/apps/pkcs7.c index 4d80f8249..643507f21 100644 --- a/openssl/apps/pkcs7.c +++ b/openssl/apps/pkcs7.c @@ -189,11 +189,11 @@ int MAIN(int argc, char **argv) if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { - if (BIO_read_filename(in, infile) <= 0) - if (in == NULL) { - perror(infile); - goto end; - } + if (BIO_read_filename(in, infile) <= 0) { + BIO_printf(bio_err, "unable to load input file\n"); + ERR_print_errors(bio_err); + goto end; + } } if (informat == FORMAT_ASN1) diff --git a/openssl/apps/rsautl.c b/openssl/apps/rsautl.c index 0030aca12..d642f9ad9 100644 --- a/openssl/apps/rsautl.c +++ b/openssl/apps/rsautl.c @@ -268,6 +268,11 @@ int MAIN(int argc, char **argv) rsa_in = OPENSSL_malloc(keysize * 2); rsa_out = OPENSSL_malloc(keysize); + if (!rsa_in || !rsa_out) { + BIO_printf(bio_err, "Out of memory\n"); + ERR_print_errors(bio_err); + goto end; + } /* Read the input data */ rsa_inlen = BIO_read(in, rsa_in, keysize * 2); diff --git a/openssl/apps/s_cb.c b/openssl/apps/s_cb.c index d5756c0ff..f6e6bcd76 100644 --- a/openssl/apps/s_cb.c +++ b/openssl/apps/s_cb.c @@ -456,8 +456,13 @@ int ssl_print_curves(BIO *out, SSL *s, int noshared) if (ncurves <= 0) return 1; curves = OPENSSL_malloc(ncurves * sizeof(int)); + if(!curves) { + BIO_puts(out, "Malloc error getting supported curves\n"); + return 0; + } SSL_get1_curves(s, curves); + BIO_puts(out, "Supported Elliptic Curves: "); for (i = 0; i < ncurves; i++) { if (i) diff --git a/openssl/apps/s_client.c b/openssl/apps/s_client.c index b1152aa36..8fa2b737a 100644 --- a/openssl/apps/s_client.c +++ b/openssl/apps/s_client.c @@ -560,6 +560,11 @@ static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg) PW_CB_DATA cb_tmp; int l; + if(!pass) { + BIO_printf(bio_err, "Malloc failure\n"); + return NULL; + } + cb_tmp.password = (char *)srp_arg->srppassin; cb_tmp.prompt_info = "SRP user"; if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) { @@ -1295,12 +1300,6 @@ int MAIN(int argc, char **argv) #endif if (exc) ssl_ctx_set_excert(ctx, exc); - /* - * DTLS: partial reads end up discarding unread UDP bytes :-( Setting - * read ahead solves this problem. - */ - if (socket_type == SOCK_DGRAM) - SSL_CTX_set_read_ahead(ctx, 1); #if !defined(OPENSSL_NO_TLSEXT) # if !defined(OPENSSL_NO_NEXTPROTONEG) diff --git a/openssl/apps/s_server.c b/openssl/apps/s_server.c index baa2455e0..a8491acfd 100644 --- a/openssl/apps/s_server.c +++ b/openssl/apps/s_server.c @@ -347,7 +347,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, } if (s_debug) BIO_printf(bio_s_out, "identity_len=%d identity=%s\n", - identity ? (int)strlen(identity) : 0, identity); + (int)strlen(identity), identity); /* here we could lookup the given identity e.g. from a database */ if (strcmp(identity, psk_identity) != 0) { @@ -696,6 +696,8 @@ static int ebcdic_new(BIO *bi) EBCDIC_OUTBUFF *wbuf; wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024); + if (!wbuf) + return 0; wbuf->alloced = 1024; wbuf->buff[0] = '\0'; @@ -750,9 +752,11 @@ static int ebcdic_write(BIO *b, const char *in, int inl) num = num + num; /* double the size */ if (num < inl) num = inl; - OPENSSL_free(wbuf); wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num); + if(!wbuf) + return 0; + OPENSSL_free(b->ptr); wbuf->alloced = num; wbuf->buff[0] = '\0'; @@ -1736,12 +1740,6 @@ int MAIN(int argc, char *argv[]) SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); if (exc) ssl_ctx_set_excert(ctx, exc); - /* - * DTLS: partial reads end up discarding unread UDP bytes :-( Setting - * read ahead solves this problem. - */ - if (socket_type == SOCK_DGRAM) - SSL_CTX_set_read_ahead(ctx, 1); if (state) SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); @@ -1821,12 +1819,6 @@ int MAIN(int argc, char *argv[]) SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); if (exc) ssl_ctx_set_excert(ctx2, exc); - /* - * DTLS: partial reads end up discarding unread UDP bytes :-( - * Setting read ahead solves this problem. - */ - if (socket_type == SOCK_DGRAM) - SSL_CTX_set_read_ahead(ctx2, 1); if (state) SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback); @@ -2877,7 +2869,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context) /* else we have data */ if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) || - ((www == 2) && (strncmp("GET /stats ", buf, 10) == 0))) { + ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) { char *p; X509 *peer; STACK_OF(SSL_CIPHER) *sk; @@ -3331,6 +3323,10 @@ static int add_session(SSL *ssl, SSL_SESSION *session) unsigned char *p; sess = OPENSSL_malloc(sizeof(simple_ssl_session)); + if(!sess) { + BIO_printf(bio_err, "Out of memory adding session to external cache\n"); + return 0; + } SSL_SESSION_get_id(session, &sess->idlen); sess->derlen = i2d_SSL_SESSION(session, NULL); @@ -3338,6 +3334,16 @@ static int add_session(SSL *ssl, SSL_SESSION *session) sess->id = BUF_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen); sess->der = OPENSSL_malloc(sess->derlen); + if(!sess->id || !sess->der) { + BIO_printf(bio_err, "Out of memory adding session to external cache\n"); + + if(sess->id) + OPENSSL_free(sess->id); + if(sess->der) + OPENSSL_free(sess->der); + OPENSSL_free(sess); + return 0; + } p = sess->der; i2d_SSL_SESSION(session, &p); diff --git a/openssl/apps/s_time.c b/openssl/apps/s_time.c index 5846f3ae1..a40997a22 100644 --- a/openssl/apps/s_time.c +++ b/openssl/apps/s_time.c @@ -302,6 +302,10 @@ static int parseArgs(int argc, char **argv) if (--argc < 1) goto bad; maxTime = atoi(*(++argv)); + if(maxTime <= 0) { + BIO_printf(bio_err, "time must be > 0\n"); + badop = 1; + } } else { BIO_printf(bio_err, "unknown option %s\n", *argv); badop = 1; @@ -550,7 +554,8 @@ int MAIN(int argc, char **argv) nConn, totalTime, ((double)nConn / totalTime), bytes_read); printf ("%d connections in %ld real seconds, %ld bytes read per connection\n", - nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn); + nConn, (long)time(NULL) - finishtime + maxTime, + bytes_read / (nConn?nConn:1)); ret = 0; end: diff --git a/openssl/apps/speed.c b/openssl/apps/speed.c index 7dcd354e0..7b1acc189 100644 --- a/openssl/apps/speed.c +++ b/openssl/apps/speed.c @@ -2775,6 +2775,11 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) inp = OPENSSL_malloc(mblengths[num - 1]); out = OPENSSL_malloc(mblengths[num - 1] + 1024); + if(!inp || !out) { + BIO_printf(bio_err,"Out of memory\n"); + goto end; + } + EVP_CIPHER_CTX_init(&ctx); EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, no_key, no_iv); @@ -2859,7 +2864,10 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) fprintf(stdout, "\n"); } - OPENSSL_free(inp); - OPENSSL_free(out); +end: + if(inp) + OPENSSL_free(inp); + if(out) + OPENSSL_free(out); } #endif diff --git a/openssl/apps/srp.c b/openssl/apps/srp.c index 47b45fbf9..c679448ee 100644 --- a/openssl/apps/srp.c +++ b/openssl/apps/srp.c @@ -435,10 +435,18 @@ int MAIN(int argc, char **argv) # ifdef OPENSSL_SYS_VMS len = strlen(s) + sizeof(CONFIG_FILE); tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } strcpy(tofree, s); # else len = strlen(s) + sizeof(CONFIG_FILE) + 1; tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } BUF_strlcpy(tofree, s, len); BUF_strlcat(tofree, "/", len); # endif diff --git a/openssl/apps/x509.c b/openssl/apps/x509.c index d005c82bb..864a60dda 100644 --- a/openssl/apps/x509.c +++ b/openssl/apps/x509.c @@ -829,6 +829,11 @@ int MAIN(int argc, char **argv) z = i2d_X509(x, NULL); m = OPENSSL_malloc(z); + if (!m) { + BIO_printf(bio_err, "Out of memory\n"); + ERR_print_errors(bio_err); + goto end; + } d = (unsigned char *)m; z = i2d_X509_NAME(X509_get_subject_name(x), &d); |