From a91ef0fb6416ea2efafa1cf2c75472269c5cb52f Mon Sep 17 00:00:00 2001
From: Frederik Wedel-Heinen
Date: Sat, 21 Dec 2024 21:15:36 +0100
Subject: [PATCH] Fix memory leaks from missing checks of return value from sk_OPENSSL_STRING_push()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Reviewed-by: Saša Nedvědický
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/26238)
(cherry picked from commit d48874ab477be0fa3df11bfcc38c043b8f7ab8e2)
---
 apps/asn1parse.c | 3 ++-
 apps/cms.c | 27 ++++++++++++++++++---------
 apps/engine.c | 6 ++++--
 apps/pkcs12.c | 3 ++-
 apps/smime.c | 18 ++++++++++++------
 5 files changed, 38 insertions(+), 19 deletions(-)
diff --git a/apps/asn1parse.c b/apps/asn1parse.c
index f0bfd1d45fc..f07a6214b79 100644
--- a/apps/asn1parse.c
+++ b/apps/asn1parse.c
@@ -127,7 +127,8 @@ int asn1parse_main(int argc, char **argv)
 dump = strtol(opt_arg(), NULL, 0);
 break;
 case OPT_STRPARSE:
- sk_OPENSSL_STRING_push(osk, opt_arg());
+ if (sk_OPENSSL_STRING_push(osk, opt_arg()) <= 0)
+ goto end;
 break;
 case OPT_GENSTR:
 genstr = opt_arg();
diff --git a/apps/cms.c b/apps/cms.c
index 7117b9617e7..f52aab3534e 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -494,13 +494,15 @@ int cms_main(int argc, char **argv)
 if (rr_from == NULL
 && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
 goto end;
- sk_OPENSSL_STRING_push(rr_from, opt_arg());
+ if (sk_OPENSSL_STRING_push(rr_from, opt_arg()) <= 0)
+ goto end;
 break;
 case OPT_RR_TO:
 if (rr_to == NULL
 && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
 goto end;
- sk_OPENSSL_STRING_push(rr_to, opt_arg());
+ if (sk_OPENSSL_STRING_push(rr_to, opt_arg()) <= 0)
+ goto end;
 break;
 case OPT_PRINT:
 noout = print = 1;
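Review bot: In apps/asn1parse.c (hunk at -127) the new failure branch is a bare `goto end`, so when the push onto `osk` fails this code writes nothing to say why the run stopped; whether the `end:` label reports the error queue or returns a failing status is outside the hunk. If it does not, the branch should carry its own diagnostic, e.g. `BIO_printf(bio_err, "Failed to store option value\n");` before the jump, with braces added around the two statements. The same bare jump is used in every other hunk of this patch (cms.c, engine.c, pkcs12.c, smime.c). The values pushed appear to be option arguments rather than fresh allocations, so what the check buys in practice is that an option value is no longer dropped silently when the stack cannot grow.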
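Review bot: The create-if-NULL-then-push sequence in the cms.c hunk at -494 (the `rr_from` and `rr_to` cases) now takes five lines per option and has to repeat both checks by hand; the same sequence appears in the cms.c hunks at -577, -601 and -749, in pkcs12.c at -305 and in smime.c at -279, -310 and -390. A small static helper would keep the allocation check and the push check in one place, so a later option cannot omit either of them. Each call site then becomes a single test-and-jump, as sketched below; the helper name is a suggestion, not an existing function. cms_main begins and ends outside the hunk.

```c
/* Append s to *sk, creating the stack on first use; 1 on success, 0 on failure. */
static int push_opt_string(STACK_OF(OPENSSL_STRING) **sk, char *s)
{
    if (*sk == NULL && (*sk = sk_OPENSSL_STRING_new_null()) == NULL)
        return 0;
    return sk_OPENSSL_STRING_push(*sk, s) > 0;
}

/* … unchanged: option cases before OPT_RR_TO … */
        case OPT_RR_TO:
            if (!push_opt_string(&rr_to, opt_arg()))
                goto end;
            break;
```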
@@ -577,13 +579,15 @@ int cms_main(int argc, char **argv)
 if (sksigners == NULL
 && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
 goto end;
- sk_OPENSSL_STRING_push(sksigners, signerfile);
+ if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+ goto end;
 if (keyfile == NULL)
 keyfile = signerfile;
 if (skkeys == NULL
 && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
 goto end;
- sk_OPENSSL_STRING_push(skkeys, keyfile);
+ if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+ goto end;
 keyfile = NULL;
 }
 signerfile = opt_arg();
@@ -601,12 +605,14 @@ int cms_main(int argc, char **argv)
 if (sksigners == NULL
 && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
 goto end;
- sk_OPENSSL_STRING_push(sksigners, signerfile);
+ if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+ goto end;
 signerfile = NULL;
 if (skkeys == NULL
 && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
 goto end;
- sk_OPENSSL_STRING_push(skkeys, keyfile);
+ if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+ goto end;
 }
 keyfile = opt_arg();
 break;
@@ -660,7 +666,8 @@ int cms_main(int argc, char **argv)
 key_param->next = nparam;
 key_param = nparam;
 }
- sk_OPENSSL_STRING_push(key_param->param, opt_arg());
+ if (sk_OPENSSL_STRING_push(key_param->param, opt_arg()) <= 0)
+ goto end;
 break;
 case OPT_V_CASES:
 if (!opt_verify(o, vpm))
@@ -749,12 +756,14 @@ int cms_main(int argc, char **argv)
 if (sksigners == NULL
 && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
 goto end;
- sk_OPENSSL_STRING_push(sksigners, signerfile);
+ if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+ goto end;
 if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
 goto end;
 if (keyfile == NULL)
 keyfile = signerfile;
- sk_OPENSSL_STRING_push(skkeys, keyfile);
+ if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+ goto end;
 }
 if (sksigners == NULL) {
 BIO_printf(bio_err, "No signer certificate specified\n");
diff --git a/apps/engine.c b/apps/engine.c
index 1b0f64309c6..bb4e326a80b 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -352,10 +352,12 @@ int engine_main(int argc, char **argv)
 test_avail++;
 break;
 case OPT_PRE:
- sk_OPENSSL_STRING_push(pre_cmds, opt_arg());
+ if (sk_OPENSSL_STRING_push(pre_cmds, opt_arg()) <= 0)
+ goto end;
 break;
 case OPT_POST:
- sk_OPENSSL_STRING_push(post_cmds, opt_arg());
+ if (sk_OPENSSL_STRING_push(post_cmds, opt_arg()) <= 0)
+ goto end;
 break;
 }
 }
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index ab78903ee9c..b4a111fdb52 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -305,7 +305,8 @@ int pkcs12_main(int argc, char **argv)
 if (canames == NULL
 && (canames = sk_OPENSSL_STRING_new_null()) == NULL)
 goto end;
- sk_OPENSSL_STRING_push(canames, opt_arg());
+ if (sk_OPENSSL_STRING_push(canames, opt_arg()) <= 0)
+ goto end;
 break;
 case OPT_IN:
 infile = opt_arg();
diff --git a/apps/smime.c b/apps/smime.c
index 651294e46da..7ee4d234868 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -279,13 +279,15 @@ int smime_main(int argc, char **argv)
 if (sksigners == NULL
 && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
 goto end;
- sk_OPENSSL_STRING_push(sksigners, signerfile);
+ if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+ goto end;
 if (keyfile == NULL)
 keyfile = signerfile;
 if (skkeys == NULL
 && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
 goto end;
- sk_OPENSSL_STRING_push(skkeys, keyfile);
+ if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+ goto end;
 keyfile = NULL;
 }
 signerfile = opt_arg();
@@ -310,12 +312,14 @@ int smime_main(int argc, char **argv)
 if (sksigners == NULL
 && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
 goto end;
- sk_OPENSSL_STRING_push(sksigners, signerfile);
+ if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+ goto end;
 signerfile = NULL;
 if (skkeys == NULL
 && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
 goto end;
- sk_OPENSSL_STRING_push(skkeys, keyfile);
+ if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+ goto end;
 }
 keyfile = opt_arg();
 break;
@@ -390,12 +394,14 @@ int smime_main(int argc, char **argv)
 if (sksigners == NULL
 && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
 goto end;
- sk_OPENSSL_STRING_push(sksigners, signerfile);
+ if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+ goto end;
 if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
 goto end;
 if (!keyfile)
 keyfile = signerfile;
- sk_OPENSSL_STRING_push(skkeys, keyfile);
+ if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+ goto end;
 }
 if (sksigners == NULL) {
 BIO_printf(bio_err, "No signer certificate specified\n");
--
2.47.2
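Review bot: In the smime.c hunk at -390, `sksigners` and `skkeys` are filled by two separate pushes and look like they are paired by position later (one certificate file and one key file per signer), yet nothing here states or checks that they end up the same length. Now that both pushes are checked, the lists can no longer drift apart on a failed push, which makes this a good place to record the invariant: a comment such as `/* sksigners[i] and skkeys[i] describe the same signer */` above the block, and a guard after its closing brace, `if (sk_OPENSSL_STRING_num(sksigners) != sk_OPENSSL_STRING_num(skkeys)) goto end;`. The matching block in cms.c (hunk at -749) has the same shape and would take the same comment and guard. smime_main continues outside the hunk, so how the two lists are consumed is inferred rather than visible.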