From: Frederik Wedel-Heinen Date: Sat, 21 Dec 2024 20:15:36 +0000 (+0100) Subject: Fix memory leaks from missing checks of return value from sk_OPENSSL_STRING_push() X-Git-Tag: openssl-3.5.0-alpha1~760 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d48874ab477be0fa3df11bfcc38c043b8f7ab8e2;p=thirdparty%2Fopenssl.git Fix memory leaks from missing checks of return value from sk_OPENSSL_STRING_push() Reviewed-by: Saša Nedvědický Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/26238) --- diff --git a/apps/asn1parse.c b/apps/asn1parse.c index 5f1d9558075..fb865b15ce7 100644 --- a/apps/asn1parse.c +++ b/apps/asn1parse.c @@ -127,7 +127,8 @@ int asn1parse_main(int argc, char **argv) dump = strtol(opt_arg(), NULL, 0); break; case OPT_STRPARSE: - sk_OPENSSL_STRING_push(osk, opt_arg()); + if (sk_OPENSSL_STRING_push(osk, opt_arg()) <= 0) + goto end; break; case OPT_GENSTR: genstr = opt_arg(); diff --git a/apps/cms.c b/apps/cms.c index 91279863b50..539812ebb99 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -511,13 +511,15 @@ int cms_main(int argc, char **argv) if (rr_from == NULL && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(rr_from, opt_arg()); + if (sk_OPENSSL_STRING_push(rr_from, opt_arg()) <= 0) + goto end; break; case OPT_RR_TO: if (rr_to == NULL && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(rr_to, opt_arg()); + if (sk_OPENSSL_STRING_push(rr_to, opt_arg()) <= 0) + goto end; break; case OPT_PRINT: noout = print = 1; @@ -594,13 +596,15 @@ int cms_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; if (keyfile == NULL) keyfile = signerfile; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; keyfile = NULL; } signerfile = opt_arg(); @@ -618,12 +622,14 @@ int cms_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; signerfile = NULL; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; } keyfile = opt_arg(); break; @@ -677,7 +683,8 @@ int cms_main(int argc, char **argv) key_param->next = nparam; key_param = nparam; } - sk_OPENSSL_STRING_push(key_param->param, opt_arg()); + if (sk_OPENSSL_STRING_push(key_param->param, opt_arg()) <= 0) + goto end; break; case OPT_V_CASES: if (!opt_verify(o, vpm)) @@ -764,12 +771,14 @@ int cms_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; if (keyfile == NULL) keyfile = signerfile; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; } if (sksigners == NULL) { BIO_printf(bio_err, "No signer certificate specified\n"); diff --git a/apps/engine.c b/apps/engine.c index b539ec51dbd..c11c6a29112 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -353,10 +353,12 @@ int engine_main(int argc, char **argv) test_avail++; break; case OPT_PRE: - sk_OPENSSL_STRING_push(pre_cmds, opt_arg()); + if (sk_OPENSSL_STRING_push(pre_cmds, opt_arg()) <= 0) + goto end; break; case OPT_POST: - sk_OPENSSL_STRING_push(post_cmds, opt_arg()); + if (sk_OPENSSL_STRING_push(post_cmds, opt_arg()) <= 0) + goto end; break; } } diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 3b91f132f53..08caaedff38 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -328,7 +328,8 @@ int pkcs12_main(int argc, char **argv) if (canames == NULL && (canames = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(canames, opt_arg()); + if (sk_OPENSSL_STRING_push(canames, opt_arg()) <= 0) + goto end; break; case OPT_IN: infile = opt_arg(); diff --git a/apps/smime.c b/apps/smime.c index 132caba2efb..93ec1161e29 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -315,13 +315,15 @@ int smime_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; if (keyfile == NULL) keyfile = signerfile; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; keyfile = NULL; } signerfile = opt_arg(); @@ -346,12 +348,14 @@ int smime_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; signerfile = NULL; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; } keyfile = opt_arg(); break; @@ -424,12 +428,14 @@ int smime_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; if (!keyfile) keyfile = signerfile; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; } if (sksigners == NULL) { BIO_printf(bio_err, "No signer certificate specified\n");