author | Matt Caswell <matt@openssl.org> | 2015-03-11 20:19:08 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-03-12 09:33:48 +0000 |
commit | 2407241fb27c5ebd69262024b8abf9486708c7e6 (patch) | |
tree | c74bb74d4bbee86722a488993cb2e59971e7f7f4 | |
parent | 3942e7d9ebc262fa5c5c42aba0167e06d981f004 (diff) | |
download | openssl-new-2407241fb27c5ebd69262024b8abf9486708c7e6.tar.gz |
Fix dsa_pub_encode
The return value from ASN1_STRING_new() was not being checked which could
lead to a NULL deref in the event of a malloc failure. Also fixed a mem
leak in the error path.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0c7ca4033dcf5398334d4b78a7dfb941c8167a40)
-rw-r--r-- | crypto/dsa/dsa_ameth.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 1b29d8162a..a2840eaed0 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -129,21 +129,23 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 {
 DSA *dsa;
- void *pval = NULL;
 int ptype;
 unsigned char *penc = NULL;
 int penclen;
+ ASN1_STRING *str = NULL;
 dsa = pkey->pkey.dsa;
 if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
- ASN1_STRING *str;
 str = ASN1_STRING_new();
+ if (!str) {
+ DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
 str->length = i2d_DSAparams(dsa, &str->data);
 if (str->length <= 0) {
 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
 goto err;
 }
- pval = str;
 ptype = V_ASN1_SEQUENCE;
 } else
 ptype = V_ASN1_UNDEF;
@@ -158,14 +160,14 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 }
 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),
- ptype, pval, penc, penclen))
+ ptype, str, penc, penclen))
 return 1;
 err:
 if (penc)
 OPENSSL_free(penc);
- if (pval)
- ASN1_STRING_free(pval);
+ if (str)
+ ASN1_STRING_free(str);
 return 0;
 }
|
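Review bot: The ownership hand-off that makes the new cleanup safe is not documented at the `X509_PUBKEY_set0_param()` call in the second hunk, nor at the hoisted `ASN1_STRING *str = NULL;` declaration in the first. From the visible lines, `str` and `penc` are freed under `err:` only when that call fails, and the `return 1` directly after it is the only thing keeping the success path from freeing buffers that `pk` presumably now holds (set0 semantics). A later edit that adds a `goto err` after a successful call would become a double free. I would add above the call `/* On success pk takes ownership of str and penc; only the failure path below may free them. */` and next to the declaration `/* freed at err: unless handed to pk */`. The code between the two hunks is not shown, so the `penclen` failure path is assumed to reach `err:` as well.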