Fix memory leaks from missing checks of return value from sk_OPENSSL_STRING_push()

author Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>

Sat, 21 Dec 2024 20:15:36 +0000 (21:15 +0100)

committer Tomas Mraz <tomas@openssl.org>

Thu, 9 Jan 2025 14:24:19 +0000 (15:24 +0100)
author Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Sat, 21 Dec 2024 20:15:36 +0000 (21:15 +0100)
committer Tomas Mraz <tomas@openssl.org>
Thu, 9 Jan 2025 14:24:19 +0000 (15:24 +0100)
diff --git a/apps/asn1parse.c b/apps/asn1parse.c

index 5f1d9558075879fb6bb1c3837810c89b19f9bbd6..fb865b15ce7ec60f983b281a917682d7d07606c6 100644 (file)
--- a/apps/asn1parse.c
+++ b/apps/asn1parse.c
@@ -127,7 +127,8 @@ int asn1parse_main(int argc, char **argv)
              dump = strtol(opt_arg(), NULL, 0);
              break;
          case OPT_STRPARSE:
-            sk_OPENSSL_STRING_push(osk, opt_arg());
+            if (sk_OPENSSL_STRING_push(osk, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_GENSTR:
              genstr = opt_arg();
diff --git a/apps/cms.c b/apps/cms.c

index e568a1467cab17311bc495422b5bde244915965b..815cbd1bf2c4981bc824015c66bbe9125b6abdc8 100644 (file)
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -505,13 +505,15 @@ int cms_main(int argc, char **argv)
              if (rr_from == NULL
                  && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(rr_from, opt_arg());
+            if (sk_OPENSSL_STRING_push(rr_from, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_RR_TO:
              if (rr_to == NULL
                  && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(rr_to, opt_arg());
+            if (sk_OPENSSL_STRING_push(rr_to, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_PRINT:
              noout = print = 1;
@@ -588,13 +590,15 @@ int cms_main(int argc, char **argv)
                  if (sksigners == NULL
                      && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                  if (keyfile == NULL)
                      keyfile = signerfile;
                  if (skkeys == NULL
                      && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
                  keyfile = NULL;
              }
              signerfile = opt_arg();
@@ -612,12 +616,14 @@ int cms_main(int argc, char **argv)
                  if (sksigners == NULL
                      && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                  signerfile = NULL;
                  if (skkeys == NULL
                      && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
              }
              keyfile = opt_arg();
              break;
@@ -671,7 +677,8 @@ int cms_main(int argc, char **argv)
                      key_param->next = nparam;
                  key_param = nparam;
              }
-            sk_OPENSSL_STRING_push(key_param->param, opt_arg());
+            if (sk_OPENSSL_STRING_push(key_param->param, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_V_CASES:
              if (!opt_verify(o, vpm))
@@ -758,12 +765,14 @@ int cms_main(int argc, char **argv)
              if (sksigners == NULL
                  && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                goto end;
              if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
              if (keyfile == NULL)
                  keyfile = signerfile;
-            sk_OPENSSL_STRING_push(skkeys, keyfile);
+            if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                goto end;
          }
          if (sksigners == NULL) {
              BIO_printf(bio_err, "No signer certificate specified\n");
diff --git a/apps/engine.c b/apps/engine.c

index c3e8e4a27b0451b092d3ee979f9e4f297a960983..5a0b20d6ee5c3fcada0d441abfdd7f80900ea9c7 100644 (file)
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -352,10 +352,12 @@ int engine_main(int argc, char **argv)
              test_avail++;
              break;
          case OPT_PRE:
-            sk_OPENSSL_STRING_push(pre_cmds, opt_arg());
+            if (sk_OPENSSL_STRING_push(pre_cmds, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_POST:
-            sk_OPENSSL_STRING_push(post_cmds, opt_arg());
+            if (sk_OPENSSL_STRING_push(post_cmds, opt_arg()) <= 0)
+                goto end;
              break;
          }
      }
diff --git a/apps/pkcs12.c b/apps/pkcs12.c

index 3b91f132f53333a3a5a2df01441666d3d2ddc7c2..08caaedff3866d84c70c81021c2649729188275b 100644 (file)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -328,7 +328,8 @@ int pkcs12_main(int argc, char **argv)
              if (canames == NULL
                  && (canames = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(canames, opt_arg());
+            if (sk_OPENSSL_STRING_push(canames, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_IN:
              infile = opt_arg();
diff --git a/apps/smime.c b/apps/smime.c

index d5a4feb489d3f17e9a41705c1f5082efe34f1c3c..42ae5f4451fd5afd802b5f237a0245f1fdf32ed5 100644 (file)
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -315,13 +315,15 @@ int smime_main(int argc, char **argv)
                  if (sksigners == NULL
                      && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                  if (keyfile == NULL)
                      keyfile = signerfile;
                  if (skkeys == NULL
                      && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
                  keyfile = NULL;
              }
              signerfile = opt_arg();
@@ -346,12 +348,14 @@ int smime_main(int argc, char **argv)
                  if (sksigners == NULL
                      && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                  signerfile = NULL;
                  if (skkeys == NULL
                      && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
              }
              keyfile = opt_arg();
              break;
@@ -424,12 +428,14 @@ int smime_main(int argc, char **argv)
              if (sksigners == NULL
                  && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                goto end;
              if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
              if (!keyfile)
                  keyfile = signerfile;
-            sk_OPENSSL_STRING_push(skkeys, keyfile);
+            if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                goto end;
          }
          if (sksigners == NULL) {
              BIO_printf(bio_err, "No signer certificate specified\n");
author	Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
	Sat, 21 Dec 2024 20:15:36 +0000 (21:15 +0100)
committer	Tomas Mraz <tomas@openssl.org>
	Thu, 9 Jan 2025 14:24:19 +0000 (15:24 +0100)
apps/asn1parse.c		patch \| blob \| blame \| history
apps/cms.c		patch \| blob \| blame \| history
apps/engine.c		patch \| blob \| blame \| history
apps/pkcs12.c		patch \| blob \| blame \| history
apps/smime.c		patch \| blob \| blame \| history