From: Frederik Wedel-Heinen Date: Sat, 21 Dec 2024 20:15:36 +0000 (+0100) Subject: Fix memory leaks from missing checks of return value from sk_OPENSSL_STRING_push() X-Git-Tag: openssl-3.0.16~27 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a91ef0fb6416ea2efafa1cf2c75472269c5cb52f;p=thirdparty%2Fopenssl.git Fix memory leaks from missing checks of return value from sk_OPENSSL_STRING_push() Reviewed-by: Saša Nedvědický Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/26238) (cherry picked from commit d48874ab477be0fa3df11bfcc38c043b8f7ab8e2) --- diff --git a/apps/asn1parse.c b/apps/asn1parse.c index f0bfd1d45fc..f07a6214b79 100644 --- a/apps/asn1parse.c +++ b/apps/asn1parse.c @@ -127,7 +127,8 @@ int asn1parse_main(int argc, char **argv) dump = strtol(opt_arg(), NULL, 0); break; case OPT_STRPARSE: - sk_OPENSSL_STRING_push(osk, opt_arg()); + if (sk_OPENSSL_STRING_push(osk, opt_arg()) <= 0) + goto end; break; case OPT_GENSTR: genstr = opt_arg(); diff --git a/apps/cms.c b/apps/cms.c index 7117b9617e7..f52aab3534e 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -494,13 +494,15 @@ int cms_main(int argc, char **argv) if (rr_from == NULL && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(rr_from, opt_arg()); + if (sk_OPENSSL_STRING_push(rr_from, opt_arg()) <= 0) + goto end; break; case OPT_RR_TO: if (rr_to == NULL && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(rr_to, opt_arg()); + if (sk_OPENSSL_STRING_push(rr_to, opt_arg()) <= 0) + goto end; break; case OPT_PRINT: noout = print = 1; @@ -577,13 +579,15 @@ int cms_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; if (keyfile == NULL) keyfile = signerfile; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; keyfile = NULL; } signerfile = opt_arg(); @@ -601,12 +605,14 @@ int cms_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; signerfile = NULL; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; } keyfile = opt_arg(); break; @@ -660,7 +666,8 @@ int cms_main(int argc, char **argv) key_param->next = nparam; key_param = nparam; } - sk_OPENSSL_STRING_push(key_param->param, opt_arg()); + if (sk_OPENSSL_STRING_push(key_param->param, opt_arg()) <= 0) + goto end; break; case OPT_V_CASES: if (!opt_verify(o, vpm)) @@ -749,12 +756,14 @@ int cms_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; if (keyfile == NULL) keyfile = signerfile; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; } if (sksigners == NULL) { BIO_printf(bio_err, "No signer certificate specified\n"); diff --git a/apps/engine.c b/apps/engine.c index 1b0f64309c6..bb4e326a80b 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -352,10 +352,12 @@ int engine_main(int argc, char **argv) test_avail++; break; case OPT_PRE: - sk_OPENSSL_STRING_push(pre_cmds, opt_arg()); + if (sk_OPENSSL_STRING_push(pre_cmds, opt_arg()) <= 0) + goto end; break; case OPT_POST: - sk_OPENSSL_STRING_push(post_cmds, opt_arg()); + if (sk_OPENSSL_STRING_push(post_cmds, opt_arg()) <= 0) + goto end; break; } } diff --git a/apps/pkcs12.c b/apps/pkcs12.c index ab78903ee9c..b4a111fdb52 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -305,7 +305,8 @@ int pkcs12_main(int argc, char **argv) if (canames == NULL && (canames = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(canames, opt_arg()); + if (sk_OPENSSL_STRING_push(canames, opt_arg()) <= 0) + goto end; break; case OPT_IN: infile = opt_arg(); diff --git a/apps/smime.c b/apps/smime.c index 651294e46da..7ee4d234868 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -279,13 +279,15 @@ int smime_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; if (keyfile == NULL) keyfile = signerfile; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; keyfile = NULL; } signerfile = opt_arg(); @@ -310,12 +312,14 @@ int smime_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; signerfile = NULL; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; } keyfile = opt_arg(); break; @@ -390,12 +394,14 @@ int smime_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; if (!keyfile) keyfile = signerfile; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; } if (sksigners == NULL) { BIO_printf(bio_err, "No signer certificate specified\n");