Diffstat (limited to 'openssl/apps')
-rw-r--r--openssl/apps/apps.c13
-rw-r--r--openssl/apps/ca.c21
-rw-r--r--openssl/apps/cms.c4
-rw-r--r--openssl/apps/dgst.c15
-rw-r--r--openssl/apps/openssl.c8
-rw-r--r--openssl/apps/pkcs7.c10
-rw-r--r--openssl/apps/rsautl.c5
-rw-r--r--openssl/apps/s_cb.c5
-rw-r--r--openssl/apps/s_client.c11
-rw-r--r--openssl/apps/s_server.c36
-rw-r--r--openssl/apps/s_time.c7
-rw-r--r--openssl/apps/speed.c12
-rw-r--r--openssl/apps/srp.c8
-rw-r--r--openssl/apps/x509.c5
14 files changed, 121 insertions, 39 deletions
diff --git a/openssl/apps/apps.c b/openssl/apps/apps.c
index e6bb48f08..b0acbc7c1 100644
--- a/openssl/apps/apps.c
+++ b/openssl/apps/apps.c
@@ -574,6 +574,11 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
char *prompt = NULL;
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
+ if(!prompt) {
+ BIO_printf(bio_err, "Out of memory\n");
+ UI_free(ui);
+ return 0;
+ }
ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
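Review bot: Both new allocation-failure exits in password_callback (here after UI_construct_prompt, and in the next hunk after OPENSSL_malloc) return 0, which a caller cannot tell apart from a zero-length pass phrase. The s_client.c caller shown further down this page tests only `password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0`, so it would presumably carry on with an empty SRP password after an out-of-memory condition. If the rest of the function, which lies outside these hunks, already uses 0 for its other error paths, keep the value but document it, e.g. `/* returns 0 on any failure, including allocation failure; callers must not treat 0 as an empty pass phrase */`.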
@@ -583,6 +588,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
PW_MIN_LENGTH, bufsiz - 1);
if (ok >= 0 && verify) {
buff = (char *)OPENSSL_malloc(bufsiz);
+ if(!buff) {
+ BIO_printf(bio_err, "Out of memory\n");
+ UI_free(ui);
+ OPENSSL_free(prompt);
+ return 0;
+ }
ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
PW_MIN_LENGTH, bufsiz - 1, buf);
}
@@ -2775,7 +2786,7 @@ void print_cert_checks(BIO *bio, X509 *x,
return;
if (checkhost) {
BIO_printf(bio, "Hostname %s does%s match certificate\n",
- checkhost, X509_check_host(x, checkhost, 0, 0, NULL)
+ checkhost, X509_check_host(x, checkhost, 0, 0, NULL) == 1
? "" : " NOT");
}
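Review bot: With `== 1` the negative results of X509_check_host (internal error, malformed input) are now printed as "does NOT match", which is the safe direction but hides the difference between a mismatch and a check that could not be performed. A short comment would record why the comparison is explicit, e.g. `/* X509_check_host: 1 = match, 0 = mismatch, <0 = error */`. print_cert_checks continues outside this hunk; if the e-mail and IP checks below still test their return value for plain truthiness, they need the same `== 1`.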
diff --git a/openssl/apps/ca.c b/openssl/apps/ca.c
index f0a19cf11..d64ec4f14 100644
--- a/openssl/apps/ca.c
+++ b/openssl/apps/ca.c
@@ -563,10 +563,18 @@ int MAIN(int argc, char **argv)
#ifdef OPENSSL_SYS_VMS
len = strlen(s) + sizeof(CONFIG_FILE);
tofree = OPENSSL_malloc(len);
+ if(!tofree) {
+ BIO_printf(bio_err, "Out of memory\n");
+ goto err;
+ }
strcpy(tofree, s);
#else
len = strlen(s) + sizeof(CONFIG_FILE) + 1;
tofree = OPENSSL_malloc(len);
+ if(!tofree) {
+ BIO_printf(bio_err, "Out of memory\n");
+ goto err;
+ }
BUF_strlcpy(tofree, s, len);
BUF_strlcat(tofree, "/", len);
#endif
@@ -2813,6 +2821,11 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ASN1_GENERALIZEDTIME *comp_time = NULL;
tmp = BUF_strdup(str);
+ if(!tmp) {
+ BIO_printf(bio_err, "memory allocation failure\n");
+ goto err;
+ }
+
p = strchr(tmp, ',');
rtime_str = tmp;
@@ -2830,6 +2843,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
if (prevtm) {
*prevtm = ASN1_UTCTIME_new();
+ if(!*prevtm) {
+ BIO_printf(bio_err, "memory allocation failure\n");
+ goto err;
+ }
if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) {
BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
goto err;
@@ -2870,6 +2887,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
goto err;
}
comp_time = ASN1_GENERALIZEDTIME_new();
+ if(!comp_time) {
+ BIO_printf(bio_err, "memory allocation failure\n");
+ goto err;
+ }
if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) {
BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
goto err;
diff --git a/openssl/apps/cms.c b/openssl/apps/cms.c
index 2c8ada60b..2c922537c 100644
--- a/openssl/apps/cms.c
+++ b/openssl/apps/cms.c
@@ -463,6 +463,10 @@ int MAIN(int argc, char **argv)
if (key_param == NULL || key_param->idx != keyidx) {
cms_key_param *nparam;
nparam = OPENSSL_malloc(sizeof(cms_key_param));
+ if(!nparam) {
+ BIO_printf(bio_err, "Out of memory\n");
+ goto argerr;
+ }
nparam->idx = keyidx;
nparam->param = sk_OPENSSL_STRING_new_null();
nparam->next = NULL;
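Review bot: The result of `sk_OPENSSL_STRING_new_null()` two lines after the new check is stored in `nparam->param` without a NULL test, so the out-of-memory condition this hunk guards against can still leave a half-built entry. Test `nparam->param` as well and call `OPENSSL_free(nparam)` before the `goto argerr;`. The `argerr` label is outside the hunk; judging by its name it is the bad-argument exit, so it is worth confirming that an allocation failure does not end up printing usage text.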
diff --git a/openssl/apps/dgst.c b/openssl/apps/dgst.c
index adb7a060a..95e5fa3fc 100644
--- a/openssl/apps/dgst.c
+++ b/openssl/apps/dgst.c
@@ -293,6 +293,11 @@ int MAIN(int argc, char **argv)
in = BIO_new(BIO_s_file());
bmd = BIO_new(BIO_f_md());
+ if ((in == NULL) || (bmd == NULL)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
if (debug) {
BIO_set_callback(in, BIO_debug_callback);
/* needed for windows 3.1 */
@@ -304,11 +309,6 @@ int MAIN(int argc, char **argv)
goto end;
}
- if ((in == NULL) || (bmd == NULL)) {
- ERR_print_errors(bio_err);
- goto end;
- }
-
if (out_bin == -1) {
if (keyfile)
out_bin = 1;
@@ -460,6 +460,11 @@ int MAIN(int argc, char **argv)
ERR_print_errors(bio_err);
goto end;
}
+ if (!sigbuf) {
+ BIO_printf(bio_err, "Out of memory\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
siglen = BIO_read(sigbio, sigbuf, siglen);
BIO_free(sigbio);
if (siglen <= 0) {
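Review bot: The new `!sigbuf` exit jumps to `end` before the `BIO_free(sigbio)` that follows the read, so `sigbio` is released only if the `end` label does it, and that label is not visible in this hunk. Adding `BIO_free(sigbio);` before the `goto end;` keeps the failure path self-contained. The `ERR_print_errors(bio_err)` call is probably redundant here, since a failed OPENSSL_malloc is unlikely to have queued an error.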
diff --git a/openssl/apps/openssl.c b/openssl/apps/openssl.c
index 112ed7e60..687314522 100644
--- a/openssl/apps/openssl.c
+++ b/openssl/apps/openssl.c
@@ -428,10 +428,6 @@ int main(int Argc, char *ARGV[])
if (arg.data != NULL)
OPENSSL_free(arg.data);
- if (bio_err != NULL) {
- BIO_free(bio_err);
- bio_err = NULL;
- }
#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
/* Free any duplicate Argv[] storage. */
if (free_Argv) {
@@ -440,6 +436,10 @@ int main(int Argc, char *ARGV[])
#endif
apps_shutdown();
CRYPTO_mem_leaks(bio_err);
+ if (bio_err != NULL) {
+ BIO_free(bio_err);
+ bio_err = NULL;
+ }
OPENSSL_EXIT(ret);
}
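Review bot: The ordering this hunk establishes is easy to undo by accident, because nothing in the code says that `CRYPTO_mem_leaks(bio_err)` needs the BIO to still be alive. A comment on the moved block would help, e.g. `/* bio_err is used by CRYPTO_mem_leaks() above; free it last */`.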
diff --git a/openssl/apps/pkcs7.c b/openssl/apps/pkcs7.c
index 4d80f8249..643507f21 100644
--- a/openssl/apps/pkcs7.c
+++ b/openssl/apps/pkcs7.c
@@ -189,11 +189,11 @@ int MAIN(int argc, char **argv)
if (infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
- if (BIO_read_filename(in, infile) <= 0)
- if (in == NULL) {
- perror(infile);
- goto end;
- }
+ if (BIO_read_filename(in, infile) <= 0) {
+ BIO_printf(bio_err, "unable to load input file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
}
if (informat == FORMAT_ASN1)
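Review bot: The new message no longer names the file that failed, which the removed `perror(infile)` was meant to do. `BIO_printf(bio_err, "unable to load input file %s\n", infile);` keeps that detail for the operator. MAIN continues outside the hunk.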
diff --git a/openssl/apps/rsautl.c b/openssl/apps/rsautl.c
index 0030aca12..d642f9ad9 100644
--- a/openssl/apps/rsautl.c
+++ b/openssl/apps/rsautl.c
@@ -268,6 +268,11 @@ int MAIN(int argc, char **argv)
rsa_in = OPENSSL_malloc(keysize * 2);
rsa_out = OPENSSL_malloc(keysize);
+ if (!rsa_in || !rsa_out) {
+ BIO_printf(bio_err, "Out of memory\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
/* Read the input data */
rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
diff --git a/openssl/apps/s_cb.c b/openssl/apps/s_cb.c
index d5756c0ff..f6e6bcd76 100644
--- a/openssl/apps/s_cb.c
+++ b/openssl/apps/s_cb.c
@@ -456,8 +456,13 @@ int ssl_print_curves(BIO *out, SSL *s, int noshared)
if (ncurves <= 0)
return 1;
curves = OPENSSL_malloc(ncurves * sizeof(int));
+ if(!curves) {
+ BIO_puts(out, "Malloc error getting supported curves\n");
+ return 0;
+ }
SSL_get1_curves(s, curves);
+
BIO_puts(out, "Supported Elliptic Curves: ");
for (i = 0; i < ncurves; i++) {
if (i)
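Review bot: The allocation-failure message is written to `out`, the same BIO that carries the curve list, while the other out-of-memory messages in this commit go to `bio_err`. If `bio_err` is available in s_cb.c (not visible here), `BIO_printf(bio_err, "Out of memory\n");` would keep diagnostics off the data stream. ssl_print_curves continues outside the hunk.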
diff --git a/openssl/apps/s_client.c b/openssl/apps/s_client.c
index b1152aa36..8fa2b737a 100644
--- a/openssl/apps/s_client.c
+++ b/openssl/apps/s_client.c
@@ -560,6 +560,11 @@ static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
PW_CB_DATA cb_tmp;
int l;
+ if(!pass) {
+ BIO_printf(bio_err, "Malloc failure\n");
+ return NULL;
+ }
+
cb_tmp.password = (char *)srp_arg->srppassin;
cb_tmp.prompt_info = "SRP user";
if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) {
@@ -1295,12 +1300,6 @@ int MAIN(int argc, char **argv)
#endif
if (exc)
ssl_ctx_set_excert(ctx, exc);
- /*
- * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
- * read ahead solves this problem.
- */
- if (socket_type == SOCK_DGRAM)
- SSL_CTX_set_read_ahead(ctx, 1);
#if !defined(OPENSSL_NO_TLSEXT)
# if !defined(OPENSSL_NO_NEXTPROTONEG)
diff --git a/openssl/apps/s_server.c b/openssl/apps/s_server.c
index baa2455e0..a8491acfd 100644
--- a/openssl/apps/s_server.c
+++ b/openssl/apps/s_server.c
@@ -347,7 +347,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
}
if (s_debug)
BIO_printf(bio_s_out, "identity_len=%d identity=%s\n",
- identity ? (int)strlen(identity) : 0, identity);
+ (int)strlen(identity), identity);
/* here we could lookup the given identity e.g. from a database */
if (strcmp(identity, psk_identity) != 0) {
@@ -696,6 +696,8 @@ static int ebcdic_new(BIO *bi)
EBCDIC_OUTBUFF *wbuf;
wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
+ if (!wbuf)
+ return 0;
wbuf->alloced = 1024;
wbuf->buff[0] = '\0';
@@ -750,9 +752,11 @@ static int ebcdic_write(BIO *b, const char *in, int inl)
num = num + num; /* double the size */
if (num < inl)
num = inl;
- OPENSSL_free(wbuf);
wbuf =
(EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
+ if(!wbuf)
+ return 0;
+ OPENSSL_free(b->ptr);
wbuf->alloced = num;
wbuf->buff[0] = '\0';
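Review bot: The reason for allocating before freeing deserves a comment, since that order is what keeps `b->ptr` usable when the allocation fails: `/* allocate first; on failure b->ptr still owns the old buffer */`. Between `OPENSSL_free(b->ptr)` and the reassignment of `b->ptr`, which presumably follows outside this hunk, the pointer is dangling, so that assignment should stay directly after these lines.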
@@ -1736,12 +1740,6 @@ int MAIN(int argc, char *argv[])
SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
if (exc)
ssl_ctx_set_excert(ctx, exc);
- /*
- * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
- * read ahead solves this problem.
- */
- if (socket_type == SOCK_DGRAM)
- SSL_CTX_set_read_ahead(ctx, 1);
if (state)
SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
@@ -1821,12 +1819,6 @@ int MAIN(int argc, char *argv[])
SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
if (exc)
ssl_ctx_set_excert(ctx2, exc);
- /*
- * DTLS: partial reads end up discarding unread UDP bytes :-(
- * Setting read ahead solves this problem.
- */
- if (socket_type == SOCK_DGRAM)
- SSL_CTX_set_read_ahead(ctx2, 1);
if (state)
SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
@@ -2877,7 +2869,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
/* else we have data */
if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
- ((www == 2) && (strncmp("GET /stats ", buf, 10) == 0))) {
+ ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) {
char *p;
X509 *peer;
STACK_OF(SSL_CIPHER) *sk;
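Review bot: The prefix length is still a hand-counted literal, which is how the off-by-one fixed here arose. Deriving it from the string, `strncmp("GET /stats ", buf, sizeof("GET /stats ") - 1) == 0`, removes the count; the `"GET "` / 4 pair on the line above can be treated the same way. www_body continues outside the hunk.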
@@ -3331,6 +3323,10 @@ static int add_session(SSL *ssl, SSL_SESSION *session)
unsigned char *p;
sess = OPENSSL_malloc(sizeof(simple_ssl_session));
+ if(!sess) {
+ BIO_printf(bio_err, "Out of memory adding session to external cache\n");
+ return 0;
+ }
SSL_SESSION_get_id(session, &sess->idlen);
sess->derlen = i2d_SSL_SESSION(session, NULL);
@@ -3338,6 +3334,16 @@ static int add_session(SSL *ssl, SSL_SESSION *session)
sess->id = BUF_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen);
sess->der = OPENSSL_malloc(sess->derlen);
+ if(!sess->id || !sess->der) {
+ BIO_printf(bio_err, "Out of memory adding session to external cache\n");
+
+ if(sess->id)
+ OPENSSL_free(sess->id);
+ if(sess->der)
+ OPENSSL_free(sess->der);
+ OPENSSL_free(sess);
+ return 0;
+ }
p = sess->der;
i2d_SSL_SESSION(session, &p);
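Review bot: `sess->derlen`, set from `i2d_SSL_SESSION(session, NULL)` at the end of the previous hunk, is passed to OPENSSL_malloc without being checked, and i2d functions return a non-positive value on error. The new NULL test catches a failed allocation but not a bad length; rejecting `sess->derlen <= 0` before allocating would close that, assuming derlen is a signed field (its declaration is not shown). The x509.c hunk at the end of this page has the same shape with `z = i2d_X509(x, NULL);` followed by `m = OPENSSL_malloc(z);`.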
diff --git a/openssl/apps/s_time.c b/openssl/apps/s_time.c
index 5846f3ae1..a40997a22 100644
--- a/openssl/apps/s_time.c
+++ b/openssl/apps/s_time.c
@@ -302,6 +302,10 @@ static int parseArgs(int argc, char **argv)
if (--argc < 1)
goto bad;
maxTime = atoi(*(++argv));
+ if(maxTime <= 0) {
+ BIO_printf(bio_err, "time must be > 0\n");
+ badop = 1;
+ }
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badop = 1;
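Review bot: The new `maxTime <= 0` test sits on top of `atoi`, which reports no errors: an argument such as `5x` is accepted as 5, and a value too large for int has undefined behaviour. Parsing with `strtol`, then rejecting a non-empty remainder at the end pointer and anything outside 1..INT_MAX, would make the range check dependable. parseArgs continues outside the hunk.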
@@ -550,7 +554,8 @@ int MAIN(int argc, char **argv)
nConn, totalTime, ((double)nConn / totalTime), bytes_read);
printf
("%d connections in %ld real seconds, %ld bytes read per connection\n",
- nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn);
+ nConn, (long)time(NULL) - finishtime + maxTime,
+ bytes_read / (nConn?nConn:1));
ret = 0;
end:
diff --git a/openssl/apps/speed.c b/openssl/apps/speed.c
index 7dcd354e0..7b1acc189 100644
--- a/openssl/apps/speed.c
+++ b/openssl/apps/speed.c
@@ -2775,6 +2775,11 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
inp = OPENSSL_malloc(mblengths[num - 1]);
out = OPENSSL_malloc(mblengths[num - 1] + 1024);
+ if(!inp || !out) {
+ BIO_printf(bio_err,"Out of memory\n");
+ goto end;
+ }
+
EVP_CIPHER_CTX_init(&ctx);
EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, no_key, no_iv);
@@ -2859,7 +2864,10 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
fprintf(stdout, "\n");
}
- OPENSSL_free(inp);
- OPENSSL_free(out);
+end:
+ if(inp)
+ OPENSSL_free(inp);
+ if(out)
+ OPENSSL_free(out);
}
#endif
diff --git a/openssl/apps/srp.c b/openssl/apps/srp.c
index 47b45fbf9..c679448ee 100644
--- a/openssl/apps/srp.c
+++ b/openssl/apps/srp.c
@@ -435,10 +435,18 @@ int MAIN(int argc, char **argv)
# ifdef OPENSSL_SYS_VMS
len = strlen(s) + sizeof(CONFIG_FILE);
tofree = OPENSSL_malloc(len);
+ if(!tofree) {
+ BIO_printf(bio_err, "Out of memory\n");
+ goto err;
+ }
strcpy(tofree, s);
# else
len = strlen(s) + sizeof(CONFIG_FILE) + 1;
tofree = OPENSSL_malloc(len);
+ if(!tofree) {
+ BIO_printf(bio_err, "Out of memory\n");
+ goto err;
+ }
BUF_strlcpy(tofree, s, len);
BUF_strlcat(tofree, "/", len);
# endif
diff --git a/openssl/apps/x509.c b/openssl/apps/x509.c
index d005c82bb..864a60dda 100644
--- a/openssl/apps/x509.c
+++ b/openssl/apps/x509.c
@@ -829,6 +829,11 @@ int MAIN(int argc, char **argv)
z = i2d_X509(x, NULL);
m = OPENSSL_malloc(z);
+ if (!m) {
+ BIO_printf(bio_err, "Out of memory\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
d = (unsigned char *)m;
z = i2d_X509_NAME(X509_get_subject_name(x), &d);