Fix memory leaks from missing checks of return value from sk_OPENSSL_STRING_push()

author Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>

Sat, 21 Dec 2024 20:15:36 +0000 (21:15 +0100)

committer Tomas Mraz <tomas@openssl.org>

Thu, 9 Jan 2025 14:24:25 +0000 (15:24 +0100)
author Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Sat, 21 Dec 2024 20:15:36 +0000 (21:15 +0100)
committer Tomas Mraz <tomas@openssl.org>
Thu, 9 Jan 2025 14:24:25 +0000 (15:24 +0100)
diff --git a/apps/asn1parse.c b/apps/asn1parse.c

index bf62f8594790759a5db9e8837b4c9a4a6d9c00f5..1c287a298fdcd6ca1def5fc1eaabd3ec23b1688d 100644 (file)
--- a/apps/asn1parse.c
+++ b/apps/asn1parse.c
@@ -127,7 +127,8 @@ int asn1parse_main(int argc, char **argv)
              dump = strtol(opt_arg(), NULL, 0);
              break;
          case OPT_STRPARSE:
-            sk_OPENSSL_STRING_push(osk, opt_arg());
+            if (sk_OPENSSL_STRING_push(osk, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_GENSTR:
              genstr = opt_arg();
diff --git a/apps/cms.c b/apps/cms.c

index 3d964a638744c2c2d9d556a7c74e8cbadf8c9ce9..4576a5f0f903246cb6b35a5818575eff1c00fd67 100644 (file)
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -502,13 +502,15 @@ int cms_main(int argc, char **argv)
              if (rr_from == NULL
                  && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(rr_from, opt_arg());
+            if (sk_OPENSSL_STRING_push(rr_from, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_RR_TO:
              if (rr_to == NULL
                  && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(rr_to, opt_arg());
+            if (sk_OPENSSL_STRING_push(rr_to, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_PRINT:
              noout = print = 1;
@@ -585,13 +587,15 @@ int cms_main(int argc, char **argv)
                  if (sksigners == NULL
                      && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                  if (keyfile == NULL)
                      keyfile = signerfile;
                  if (skkeys == NULL
                      && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
                  keyfile = NULL;
              }
              signerfile = opt_arg();
@@ -609,12 +613,14 @@ int cms_main(int argc, char **argv)
                  if (sksigners == NULL
                      && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                  signerfile = NULL;
                  if (skkeys == NULL
                      && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
              }
              keyfile = opt_arg();
              break;
@@ -668,7 +674,8 @@ int cms_main(int argc, char **argv)
                      key_param->next = nparam;
                  key_param = nparam;
              }
-            sk_OPENSSL_STRING_push(key_param->param, opt_arg());
+            if (sk_OPENSSL_STRING_push(key_param->param, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_V_CASES:
              if (!opt_verify(o, vpm))
@@ -755,12 +762,14 @@ int cms_main(int argc, char **argv)
              if (sksigners == NULL
                  && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                goto end;
              if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
              if (keyfile == NULL)
                  keyfile = signerfile;
-            sk_OPENSSL_STRING_push(skkeys, keyfile);
+            if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                goto end;
          }
          if (sksigners == NULL) {
              BIO_printf(bio_err, "No signer certificate specified\n");
diff --git a/apps/engine.c b/apps/engine.c

index c3e8e4a27b0451b092d3ee979f9e4f297a960983..5a0b20d6ee5c3fcada0d441abfdd7f80900ea9c7 100644 (file)
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -352,10 +352,12 @@ int engine_main(int argc, char **argv)
              test_avail++;
              break;
          case OPT_PRE:
-            sk_OPENSSL_STRING_push(pre_cmds, opt_arg());
+            if (sk_OPENSSL_STRING_push(pre_cmds, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_POST:
-            sk_OPENSSL_STRING_push(post_cmds, opt_arg());
+            if (sk_OPENSSL_STRING_push(post_cmds, opt_arg()) <= 0)
+                goto end;
              break;
          }
      }
diff --git a/apps/pkcs12.c b/apps/pkcs12.c

index e6fbc574a58e4bcd252c0f36fceccf249df021b1..deb57758ede5b69643521dd5705653f3cf674d2f 100644 (file)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -320,7 +320,8 @@ int pkcs12_main(int argc, char **argv)
              if (canames == NULL
                  && (canames = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(canames, opt_arg());
+            if (sk_OPENSSL_STRING_push(canames, opt_arg()) <= 0)
+                goto end;
              break;
          case OPT_IN:
              infile = opt_arg();
diff --git a/apps/smime.c b/apps/smime.c

index c6c300c0b23c09d73fa05d508e44e46b37cb08bd..43f7acdf55e51f6b7daf373c2c4c9d9113f38021 100644 (file)
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -312,13 +312,15 @@ int smime_main(int argc, char **argv)
                  if (sksigners == NULL
                      && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                  if (keyfile == NULL)
                      keyfile = signerfile;
                  if (skkeys == NULL
                      && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
                  keyfile = NULL;
              }
              signerfile = opt_arg();
@@ -343,12 +345,14 @@ int smime_main(int argc, char **argv)
                  if (sksigners == NULL
                      && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                  signerfile = NULL;
                  if (skkeys == NULL
                      && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                      goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
              }
              keyfile = opt_arg();
              break;
@@ -421,12 +425,14 @@ int smime_main(int argc, char **argv)
              if (sksigners == NULL
                  && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
-            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                goto end;
              if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                  goto end;
              if (!keyfile)
                  keyfile = signerfile;
-            sk_OPENSSL_STRING_push(skkeys, keyfile);
+            if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                goto end;
          }
          if (sksigners == NULL) {
              BIO_printf(bio_err, "No signer certificate specified\n");
author	Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
	Sat, 21 Dec 2024 20:15:36 +0000 (21:15 +0100)
committer	Tomas Mraz <tomas@openssl.org>
	Thu, 9 Jan 2025 14:24:25 +0000 (15:24 +0100)
apps/asn1parse.c		patch \| blob \| blame \| history
apps/cms.c		patch \| blob \| blame \| history
apps/engine.c		patch \| blob \| blame \| history
apps/pkcs12.c		patch \| blob \| blame \| history
apps/smime.c		patch \| blob \| blame \| history