Fix memory leaks from missing checks of return value from sk_OPENSSL_STRING_push()

author Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>

Sat, 21 Dec 2024 20:15:36 +0000 (21:15 +0100)

committer Tomas Mraz <tomas@openssl.org>

Thu, 9 Jan 2025 14:24:49 +0000 (15:24 +0100)
author Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Sat, 21 Dec 2024 20:15:36 +0000 (21:15 +0100)
committer Tomas Mraz <tomas@openssl.org>
Thu, 9 Jan 2025 14:24:49 +0000 (15:24 +0100)
diff --git a/apps/asn1parse.c b/apps/asn1parse.c

index f0bfd1d45fc4233f2f10d821d5dbc95f84ff8f2d..f07a6214b7952460dad51454ec7762a9eba9ef3d 100644 (file)
--- a/apps/asn1parse.c
+++ b/apps/asn1parse.c
@@ -127,7 +127,8 @@ int asn1parse_main(int argc, char **argv)
              dump = strtol(opt_arg(), NULL, 0);
              break;
          case OPT_STRPARSE:
-            sk_OPENSSL_STRING_push(osk, opt_arg());
+            if (sk_OPENSSL_STRING_push(osk, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_GENSTR:
              genstr = opt_arg();
diff --git a/apps/cms.c b/apps/cms.c

index 7117b9617e75552ca954ec39fa685bc86381db90..f52aab3534e9b02a978d97d403f6e7df2716b372 100644 (file)
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -494,13 +494,15 @@ int cms_main(int argc, char **argv)
              if (rr_from == NULL
                  && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(rr_from, opt_arg());
+            if (sk_OPENSSL_STRING_push(rr_from, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_RR_TO:
              if (rr_to == NULL
                  && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(rr_to, opt_arg());
+            if (sk_OPENSSL_STRING_push(rr_to, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_PRINT:
              noout = print = 1;
@@ -577,13 +579,15 @@ int cms_main(int argc, char **argv)
                  if (sksigners == NULL
                      && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                  if (keyfile == NULL)
                      keyfile = signerfile;
                  if (skkeys == NULL
                      && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
                  keyfile = NULL;
              }
              signerfile = opt_arg();
@@ -601,12 +605,14 @@ int cms_main(int argc, char **argv)
                  if (sksigners == NULL
                      && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                  signerfile = NULL;
                  if (skkeys == NULL
                      && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
              }
              keyfile = opt_arg();
              break;
@@ -660,7 +666,8 @@ int cms_main(int argc, char **argv)
                      key_param->next = nparam;
                  key_param = nparam;
              }
-            sk_OPENSSL_STRING_push(key_param->param, opt_arg());
+            if (sk_OPENSSL_STRING_push(key_param->param, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_V_CASES:
              if (!opt_verify(o, vpm))
@@ -749,12 +756,14 @@ int cms_main(int argc, char **argv)
              if (sksigners == NULL
                  && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                goto end;
              if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
              if (keyfile == NULL)
                  keyfile = signerfile;
-            sk_OPENSSL_STRING_push(skkeys, keyfile);
+            if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                goto end;
          }
          if (sksigners == NULL) {
              BIO_printf(bio_err, "No signer certificate specified\n");
diff --git a/apps/engine.c b/apps/engine.c

index 1b0f64309c6f975111acb766643a335da2eadffe..bb4e326a80b97b96517e79d3c4a776f208039d83 100644 (file)
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -352,10 +352,12 @@ int engine_main(int argc, char **argv)
              test_avail++;
              break;
          case OPT_PRE:
-            sk_OPENSSL_STRING_push(pre_cmds, opt_arg());
+            if (sk_OPENSSL_STRING_push(pre_cmds, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_POST:
-            sk_OPENSSL_STRING_push(post_cmds, opt_arg());
+            if (sk_OPENSSL_STRING_push(post_cmds, opt_arg()) <= 0)
+                goto end;
              break;
          }
      }
diff --git a/apps/pkcs12.c b/apps/pkcs12.c

index ab78903ee9cdcfac80e752c503645d23678c7750..b4a111fdb529b4f5adf653385deca869cf5e741e 100644 (file)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -305,7 +305,8 @@ int pkcs12_main(int argc, char **argv)
              if (canames == NULL
                  && (canames = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(canames, opt_arg());
+            if (sk_OPENSSL_STRING_push(canames, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_IN:
              infile = opt_arg();
diff --git a/apps/smime.c b/apps/smime.c

index 651294e46daa922cc5841599d72f903187f6dc4b..7ee4d234868abd45e82467997ea898c3c66cf105 100644 (file)
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -279,13 +279,15 @@ int smime_main(int argc, char **argv)
                  if (sksigners == NULL
                      && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                  if (keyfile == NULL)
                      keyfile = signerfile;
                  if (skkeys == NULL
                      && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
                  keyfile = NULL;
              }
              signerfile = opt_arg();
@@ -310,12 +312,14 @@ int smime_main(int argc, char **argv)
                  if (sksigners == NULL
                      && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                  signerfile = NULL;
                  if (skkeys == NULL
                      && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
              }
              keyfile = opt_arg();
              break;
@@ -390,12 +394,14 @@ int smime_main(int argc, char **argv)
              if (sksigners == NULL
                  && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                goto end;
              if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
              if (!keyfile)
                  keyfile = signerfile;
-            sk_OPENSSL_STRING_push(skkeys, keyfile);
+            if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                goto end;
          }
          if (sksigners == NULL) {
              BIO_printf(bio_err, "No signer certificate specified\n");
author	Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
	Sat, 21 Dec 2024 20:15:36 +0000 (21:15 +0100)
committer	Tomas Mraz <tomas@openssl.org>
	Thu, 9 Jan 2025 14:24:49 +0000 (15:24 +0100)
apps/asn1parse.c		patch \| blob \| blame \| history
apps/cms.c		patch \| blob \| blame \| history
apps/engine.c		patch \| blob \| blame \| history
apps/pkcs12.c		patch \| blob \| blame \| history
apps/smime.c		patch \| blob \| blame \| history