Coverity Fixes
authorShane Lontis <shane.lontis@oracle.com>
Mon, 7 Sep 2020 07:44:38 +0000 (17:44 +1000)
committerShane Lontis <shane.lontis@oracle.com>
Mon, 7 Sep 2020 07:44:38 +0000 (17:44 +1000)
x_algor.c: Explicit null dereferenced
cms_sd.c: Resource leak
ts_rsp_sign.c: Resource Leak
extensions_srvr.c: Resource Leak
v3_alt.c: Resource Leak
pcy_data.c: Resource Leak
cms_lib.c: Resource Leak
drbg_lib.c: Unchecked return code

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12531)

crypto/asn1/x_algor.c
crypto/cms/cms_lib.c
crypto/cms/cms_sd.c
crypto/rand/drbg_lib.c
crypto/ts/ts_rsp_sign.c
crypto/x509v3/pcy_data.c
crypto/x509v3/v3_alt.c
ssl/statem/extensions_srvr.c

index e13daf849b9bb2edf73121800e01831ad9b48189..2046d8f3cf31eee0577fb456027fb2ec8a36efc5 100644 (file)
@@ -110,13 +110,17 @@ int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src)
         if ((dest->algorithm = OBJ_dup(src->algorithm)) == NULL)
            return 0;
 
-    if (src->parameter)
+    if (src->parameter) {
+        dest->parameter = ASN1_TYPE_new();
+        if (dest->parameter == NULL)
+            return 0;
+
         /* Assuming this is also correct for a BOOL.
          * set does copy as a side effect.
          */
         if (ASN1_TYPE_set1(dest->parameter, 
-              src->parameter->type, src->parameter->value.ptr) == 0)
-           return 0;
-
+                src->parameter->type, src->parameter->value.ptr) == 0)
+            return 0;
+    }
     return 1;
 }
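Review bot: When ASN1_TYPE_set1() fails, the `return 0` on the new side leaves dest holding the freshly allocated but still empty `dest->parameter` next to the already duplicated algorithm, so a caller that ignores the result sees a half-copied AlgorithmIdentifier. Releasing it before returning, `ASN1_TYPE_free(dest->parameter); dest->parameter = NULL;`, would make the failure state unambiguous. The assignment from ASN1_TYPE_new() also overwrites whatever dest->parameter held before; whether that was cleared first is decided above the hunk, where the function begins. The line `if (ASN1_TYPE_set1(dest->parameter, ` still ends in a trailing space.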
index 57afba436115045a90d6d6b10c47635a8d0a833b..cdd794e2115ddf16f48e2cea9fc9b86383418520 100644 (file)
@@ -92,12 +92,13 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
 
     default:
         CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
-        return NULL;
+        goto err;
     }
 
     if (cmsbio)
         return BIO_push(cmsbio, cont);
 
+err:
     if (!icont)
         BIO_free(cont);
     return NULL;
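Review bot: The cleanup under the new `err:` label frees `cont` only when `icont` is NULL, and nothing in the visible lines explains that ownership rule, which the default branch now depends on as well. A one-line comment above the check, for example `/* cont is ours to free only when the caller supplied no icont */`, would document it; the assignment of cont is above the hunk, so that reading is inferred and should be confirmed. The label is also written at column 0, while the `err:` label in this commit's ts_rsp_sign.c hunk is indented by one space; using the same form in both would be consistent.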
index 29ba4c1b13342819e48fd8c8e2f5857560217500..6030f071816db7eceb474753c98c4c5922cb1035 100644 (file)
@@ -897,8 +897,10 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
     ASN1_INTEGER *key = NULL;
     if (keysize > 0) {
         key = ASN1_INTEGER_new();
-        if (key == NULL || !ASN1_INTEGER_set(key, keysize))
+        if (key == NULL || !ASN1_INTEGER_set(key, keysize)) {
+            ASN1_INTEGER_free(key);
             return 0;
+        }
     }
     alg = X509_ALGOR_new();
     if (alg == NULL) {
index faf0590c6c281e39e63bdc43210329ad26db2516..73fd4394a308cef058fec0be28263b897a216319 100644 (file)
@@ -330,7 +330,7 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
     drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
     if (drbg->reseed_next_counter) {
         drbg->reseed_next_counter++;
-        if(!drbg->reseed_next_counter)
+        if (!drbg->reseed_next_counter)
             drbg->reseed_next_counter = 1;
     }
 
@@ -432,7 +432,7 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg,
     drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
     if (drbg->reseed_next_counter) {
         drbg->reseed_next_counter++;
-        if(!drbg->reseed_next_counter)
+        if (!drbg->reseed_next_counter)
             drbg->reseed_next_counter = 1;
     }
 
@@ -554,7 +554,9 @@ int rand_drbg_restart(RAND_DRBG *drbg,
             drbg->meth->reseed(drbg, adin, adinlen, NULL, 0);
         } else if (reseeded == 0) {
             /* do a full reseeding if it has not been done yet above */
-            RAND_DRBG_reseed(drbg, NULL, 0, 0);
+            if (!RAND_DRBG_reseed(drbg, NULL, 0, 0)) {
+                RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_RESEED_ERROR);
+            }
         }
     }
 
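Review bot: The `drbg->meth->reseed(drbg, adin, adinlen, NULL, 0);` call in the branch directly above still discards its result, which is the same unchecked-return pattern this hunk fixes for RAND_DRBG_reseed(). The added check only queues `RAND_R_RESEED_ERROR`; control flow is unchanged, so whether a failed reseed is reported to the caller depends on the return statement outside the hunk, presumably via the DRBG state. If the method returns zero on failure, the sibling call could get the same treatment: `if (!drbg->meth->reseed(drbg, adin, adinlen, NULL, 0)) RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_RESEED_ERROR);`. A comment stating that the function's result is derived from the state and not from these calls would stop a reader from assuming the error is swallowed.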
index 041a187da68c6a173451578b0228928b79f9ba3b..342582f024b2a79479fa3a5e6e40e2d1d6c0b004 100644 (file)
@@ -57,12 +57,14 @@ static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data)
         goto err;
     if (!ASN1_INTEGER_set(serial, 1))
         goto err;
+
     return serial;
 
  err:
     TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
     TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
                                 "Error during serial number generation.");
+    ASN1_INTEGER_free(serial);
     return NULL;
 }
 
index 073505951322018e3fb629d083e65bc39194a45c..62db3b48e248940aad76ae6d8c6a2b457e4a82f3 100644 (file)
@@ -52,6 +52,7 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
     ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL) {
         X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE);
+        ASN1_OBJECT_free(id);
         return NULL;
     }
     ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
index 7ac2911b91af01f366d46380eecbe9d7847cc3b2..0bcee334a8d56fde8f47f6e3192037d6bad373e8 100644 (file)
@@ -275,6 +275,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
     num = sk_GENERAL_NAME_num(ialt);
     if (!sk_GENERAL_NAME_reserve(gens, num)) {
         X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
+        sk_GENERAL_NAME_free(ialt);
         goto err;
     }
 
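Review bot: `sk_GENERAL_NAME_free(ialt)` on the new failure branch releases only the stack container, so if ialt owns its GENERAL_NAME entries they stay allocated, because at this point none of the `num` entries has been moved into gens. `sk_GENERAL_NAME_pop_free(ialt, GENERAL_NAME_free);` would release the entries together with the stack. The `err` label is below the hunk; if it also frees ialt, the pointer should be set to NULL here, or the free left to the label alone, to avoid a double free.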
index 3b07c6b940f4bee8ba9f1bfa107479e4d0042327..3c7395c0eb263cd7ee92f75d424810ffc82af8cd 100644 (file)
@@ -1151,7 +1151,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
             if (sesstmp == NULL) {
                 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                          SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR);
-                return 0;
+                goto err;
             }
             SSL_SESSION_free(sess);
             sess = sesstmp;
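Review bot: Nothing in this hunk records why the `sesstmp == NULL` branch has to leave through `err` instead of returning directly, and the label itself is outside the visible lines. A short comment above the `goto`, such as `/* sess is still held here; leave through err so it is released */`, would keep a later edit from reintroducing the direct return. This branch sits in the parser for the client-supplied PSK extension, so a leaked session object here would be reachable once per handshake whenever sesstmp comes back NULL. The function starts and ends outside the hunk, so it cannot be checked from here whether other early returns remain between acquiring sess and the label.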