Fix memory leaks from missing checks of return value from sk_OPENSSL_STRING_push()

author Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>

Sat, 21 Dec 2024 20:15:36 +0000 (21:15 +0100)

committer Tomas Mraz <tomas@openssl.org>

Thu, 9 Jan 2025 14:23:39 +0000 (15:23 +0100)
author Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Sat, 21 Dec 2024 20:15:36 +0000 (21:15 +0100)
committer Tomas Mraz <tomas@openssl.org>
Thu, 9 Jan 2025 14:23:39 +0000 (15:23 +0100)
diff --git a/apps/asn1parse.c b/apps/asn1parse.c

index 5f1d9558075879fb6bb1c3837810c89b19f9bbd6..fb865b15ce7ec60f983b281a917682d7d07606c6 100644 (file)
--- a/apps/asn1parse.c
+++ b/apps/asn1parse.c
@@ -127,7 +127,8 @@ int asn1parse_main(int argc, char **argv)
              dump = strtol(opt_arg(), NULL, 0);
              break;
          case OPT_STRPARSE:
-            sk_OPENSSL_STRING_push(osk, opt_arg());
+            if (sk_OPENSSL_STRING_push(osk, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_GENSTR:
              genstr = opt_arg();
diff --git a/apps/cms.c b/apps/cms.c

index 91279863b50eebcab5129b595cdc72c28593d45a..539812ebb999464c15aaa20dcaba514705c83e4d 100644 (file)
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -511,13 +511,15 @@ int cms_main(int argc, char **argv)
              if (rr_from == NULL
                  && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(rr_from, opt_arg());
+            if (sk_OPENSSL_STRING_push(rr_from, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_RR_TO:
              if (rr_to == NULL
                  && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(rr_to, opt_arg());
+            if (sk_OPENSSL_STRING_push(rr_to, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_PRINT:
              noout = print = 1;
@@ -594,13 +596,15 @@ int cms_main(int argc, char **argv)
                  if (sksigners == NULL
                      && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                  if (keyfile == NULL)
                      keyfile = signerfile;
                  if (skkeys == NULL
                      && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
                  keyfile = NULL;
              }
              signerfile = opt_arg();
@@ -618,12 +622,14 @@ int cms_main(int argc, char **argv)
                  if (sksigners == NULL
                      && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                  signerfile = NULL;
                  if (skkeys == NULL
                      && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
              }
              keyfile = opt_arg();
              break;
@@ -677,7 +683,8 @@ int cms_main(int argc, char **argv)
                      key_param->next = nparam;
                  key_param = nparam;
              }
-            sk_OPENSSL_STRING_push(key_param->param, opt_arg());
+            if (sk_OPENSSL_STRING_push(key_param->param, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_V_CASES:
              if (!opt_verify(o, vpm))
@@ -764,12 +771,14 @@ int cms_main(int argc, char **argv)
              if (sksigners == NULL
                  && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                goto end;
              if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
              if (keyfile == NULL)
                  keyfile = signerfile;
-            sk_OPENSSL_STRING_push(skkeys, keyfile);
+            if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                goto end;
          }
          if (sksigners == NULL) {
              BIO_printf(bio_err, "No signer certificate specified\n");
diff --git a/apps/engine.c b/apps/engine.c

index b539ec51dbdabcaaeba8a9be0a30557fa2a74ad0..c11c6a29112de48973a676bc3d19eac107276c9c 100644 (file)
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -353,10 +353,12 @@ int engine_main(int argc, char **argv)
              test_avail++;
              break;
          case OPT_PRE:
-            sk_OPENSSL_STRING_push(pre_cmds, opt_arg());
+            if (sk_OPENSSL_STRING_push(pre_cmds, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_POST:
-            sk_OPENSSL_STRING_push(post_cmds, opt_arg());
+            if (sk_OPENSSL_STRING_push(post_cmds, opt_arg()) <= 0)
+                goto end;
              break;
          }
      }
diff --git a/apps/pkcs12.c b/apps/pkcs12.c

index 3b91f132f53333a3a5a2df01441666d3d2ddc7c2..08caaedff3866d84c70c81021c2649729188275b 100644 (file)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -328,7 +328,8 @@ int pkcs12_main(int argc, char **argv)
              if (canames == NULL
                  && (canames = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(canames, opt_arg());
+            if (sk_OPENSSL_STRING_push(canames, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_IN:
              infile = opt_arg();
diff --git a/apps/smime.c b/apps/smime.c

index 132caba2efbea6fe7529c102ef8a2406520b4507..93ec1161e2986512a4715dbcf575480312488937 100644 (file)
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -315,13 +315,15 @@ int smime_main(int argc, char **argv)
                  if (sksigners == NULL
                      && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                  if (keyfile == NULL)
                      keyfile = signerfile;
                  if (skkeys == NULL
                      && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
                  keyfile = NULL;
              }
              signerfile = opt_arg();
@@ -346,12 +348,14 @@ int smime_main(int argc, char **argv)
                  if (sksigners == NULL
                      && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                  signerfile = NULL;
                  if (skkeys == NULL
                      && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
              }
              keyfile = opt_arg();
              break;
@@ -424,12 +428,14 @@ int smime_main(int argc, char **argv)
              if (sksigners == NULL
                  && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                goto end;
              if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
              if (!keyfile)
                  keyfile = signerfile;
-            sk_OPENSSL_STRING_push(skkeys, keyfile);
+            if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                goto end;
          }
          if (sksigners == NULL) {
              BIO_printf(bio_err, "No signer certificate specified\n");
author	Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
	Sat, 21 Dec 2024 20:15:36 +0000 (21:15 +0100)
committer	Tomas Mraz <tomas@openssl.org>
	Thu, 9 Jan 2025 14:23:39 +0000 (15:23 +0100)
apps/asn1parse.c		patch \| blob \| blame \| history
apps/cms.c		patch \| blob \| blame \| history
apps/engine.c		patch \| blob \| blame \| history
apps/pkcs12.c		patch \| blob \| blame \| history
apps/smime.c		patch \| blob \| blame \| history