diff options
| author | Adam Langley <agl@google.com> | 2016-02-29 19:08:11 +0300 |
|---|---|---|
| committer | David Benjamin <davidben@google.com> | 2016-02-29 23:56:19 +0300 |
| commit | 7e8ed440135c166d0a29e28548b485b66d1645b8 (patch) | |
| tree | 0a4d2e40611a25a15254a32cdbaf26247d4fb5de /crypto/asn1 | |
| parent | a14934ff2de02c6a12cc34272a26816940e93a60 (diff) | |
Fix possible memory leak on BUF_MEM_grow_clean failure
(Imported from upstream's e9cf5f03666bb82f0184e4f013702d0b164afdca and
29305f4edc886db349f2beedb345f9dd93311c09)
Change-Id: I0fa019e9d337676a84a7a6c103d2c4e14e18aede
Reviewed-on: https://boringssl-review.googlesource.com/7240
Reviewed-by: David Benjamin <davidben@google.com>
Diffstat (limited to 'crypto/asn1')
| -rw-r--r-- | crypto/asn1/tasn_dec.c | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index fd07fa24..31afe0b4 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -712,7 +712,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, long plen; char cst, inf, free_cont = 0; const unsigned char *p; - BUF_MEM buf; + BUF_MEM buf = {0, NULL, 0 }; const unsigned char *cont = NULL; long len; if (!pval) { @@ -786,7 +786,6 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, } else { len = p - cont + plen; p += plen; - buf.data = NULL; } } else if (cst) { if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN @@ -797,9 +796,8 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, return 0; } - buf.length = 0; - buf.max = 0; - buf.data = NULL; + /* Free any returned 'buf' content */ + free_cont = 1; /* * Should really check the internal tags are correct but some things * may get this wrong. The relevant specs say that constructed string @@ -807,18 +805,16 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, * So instead just check for UNIVERSAL class and ignore the tag. */ if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) { - free_cont = 1; goto err; } len = buf.length; /* Append a final null to string */ if (!BUF_MEM_grow_clean(&buf, len + 1)) { OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); - return 0; + goto err; } buf.data[len] = 0; cont = (const unsigned char *)buf.data; - free_cont = 1; } else { cont = p; len = plen; @@ -826,6 +822,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, } /* We now have content length and type: translate into a structure */ + /* asn1_ex_c2i may reuse allocated buffer, and so sets free_cont to 0 */ if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) goto err; |