From 1eed2c0e40ad363da9b00966e1b19f451dee8fad Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@chromium.org>
Date: Sun, 8 Feb 2015 23:20:06 -0500
Subject: Fix some unchecked mallocs.

BUG=456599

Change-Id: Id0652c2aff1cb8a5de35350feb8410285b3fef20
Reviewed-on: https://boringssl-review.googlesource.com/3330
Reviewed-by: Adam Langley <agl@google.com>
---
 crypto/rand/urandom.c  | 4 ++++
 crypto/x509/by_dir.c   | 6 ++++++
 crypto/x509v3/v3_alt.c | 2 ++
 3 files changed, 12 insertions(+)

(limited to 'crypto')

diff --git a/crypto/rand/urandom.c b/crypto/rand/urandom.c
index 2ad4af06..a7e2ad82 100644
--- a/crypto/rand/urandom.c
+++ b/crypto/rand/urandom.c
@@ -188,6 +188,10 @@ int RAND_bytes(uint8_t *out, size_t requested) {
 
     if (!buf) {
       buf = (struct rand_buffer *)OPENSSL_malloc(BUF_SIZE);
+      if (!buf) {
+        abort();
+        return 0;
+      }
       /* The buffer doesn't contain any random bytes yet
        * so we mark it as fully used so that it will be
        * filled below. */
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 5a77b818..3573c86f 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -442,6 +442,12 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
 				if (!hent)
 					{
 					hent = OPENSSL_malloc(sizeof(BY_DIR_HASH));
+					if (hent == NULL)
+						{
+						CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+						ok = 0;
+						goto finish;
+						}
 					hent->hash = h;
 					hent->suffix = k;
 					if (!sk_BY_DIR_HASH_push(ent->hashes, hent))
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index 113cf45a..f547316e 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -583,6 +583,8 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
 		return 0;
 	objlen = p - value;
 	objtmp = OPENSSL_malloc(objlen + 1);
+	if (objtmp == NULL)
+		return 0;
 	strncpy(objtmp, value, objlen);
 	objtmp[objlen] = 0;
 	gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
-- 
cgit v1.2.3