From b2f90e93a07d992515782511a5770aa7cf7dc28f Mon Sep 17 00:00:00 2001 From: Jiasheng Jiang Date: Wed, 2 Feb 2022 19:45:59 +0800 Subject: [PATCH] evp_test: Add the missing check after calling OPENSSL_strdup and sk_OPENSSL_STRING_new_null Since the memory allocation may fail, the 'mac_name' and 'controls' could be NULL. And the 'mac_name' will be printed in mac_test_run_mac() without check. Also the result of 'params_n + sk_OPENSSL_STRING_num(expected->controls)' in mac_test_run_mac() will be 'params_n - 1' if allocation fails , which does not make sense. Therefore, it should be better to check them in order to guarantee the complete success of initiation. If fails, we also need to free the 'mdat' to avoid the memory leak. Signed-off-by: Jiasheng Jiang Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17628) --- test/evp_test.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/test/evp_test.c b/test/evp_test.c index 6c4e64c159a..a1b6bce8fae 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1201,9 +1201,18 @@ static int mac_test_init(EVP_TEST *t, const char *alg) return 0; mdat->type = type; - mdat->mac_name = OPENSSL_strdup(alg); + if (!TEST_ptr(mdat->mac_name = OPENSSL_strdup(alg))) { + OPENSSL_free(mdat); + return 0; + } + mdat->mac = mac; - mdat->controls = sk_OPENSSL_STRING_new_null(); + if (!TEST_ptr(mdat->controls = sk_OPENSSL_STRING_new_null())) { + OPENSSL_free(mdat->mac_name); + OPENSSL_free(mdat); + return 0; + } + mdat->output_size = mdat->block_size = -1; t->data = mdat; return 1; -- 2.47.2