Don't leak memory if realloc fails. RT#4403 Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
diff --git a/apps/apps.c b/apps/apps.c index 537d43a..c7e01b0 100644 --- a/apps/apps.c +++ b/apps/apps.c
@@ -176,8 +176,6 @@ if (arg->size == 0) { arg->size = 20; arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space"); - if (arg->argv == NULL) - return 0; } for (p = buf;;) { @@ -189,11 +187,12 @@ /* The start of something good :-) */ if (arg->argc >= arg->size) { + char **tmp; arg->size += 20; - arg->argv = OPENSSL_realloc(arg->argv, - sizeof(*arg->argv) * arg->size); - if (arg->argv == NULL) + tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size); + if (tmp == NULL) return 0; + arg->argv = tmp; } quoted = *p == '\'' || *p == '"'; if (quoted)
diff --git a/apps/engine.c b/apps/engine.c index b60bfbc..3b395b1 100644 --- a/apps/engine.c +++ b/apps/engine.c
@@ -107,13 +107,17 @@ } if (strlen(*buf) + strlen(s) >= (unsigned int)*size) { + char *tmp; *size += 256; - *buf = OPENSSL_realloc(*buf, *size); + tmp = OPENSSL_realloc(*buf, *size); + if (tmp == NULL) { + OPENSSL_free(*buf); + *buf = NULL; + return 0; + } + *buf = tmp; } - if (*buf == NULL) - return 0; - if (**buf != '\0') OPENSSL_strlcat(*buf, ", ", *size); OPENSSL_strlcat(*buf, s, *size);
diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c index 3c17aa5..cb99d09 100644 --- a/crypto/modes/ocb128.c +++ b/crypto/modes/ocb128.c
@@ -147,6 +147,7 @@ /* We don't have it - so calculate it */ if (idx >= ctx->max_l_index) { + void *tmp_ptr; /* * Each additional entry allows to process almost double as * much data, so that in linear world the table will need to @@ -157,10 +158,11 @@ * the index. */ ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3; - ctx->l = + tmp_ptr = OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK)); - if (ctx->l == NULL) + if (tmp_ptr == NULL) /* prevent ctx->l from being clobbered */ return NULL; + ctx->l = tmp_ptr; } while (l_index < idx) { ocb_double(ctx->l + l_index, ctx->l + l_index + 1);
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index f1280ad..88dce79 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c
@@ -940,6 +940,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) { unsigned char *serverinfo = NULL; + unsigned char *tmp; size_t serverinfo_length = 0; unsigned char *extension = 0; long extension_length = 0; @@ -999,12 +1000,13 @@ goto end; } /* Append the decoded extension to the serverinfo buffer */ - serverinfo = + tmp = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length); - if (serverinfo == NULL) { + if (tmp == NULL) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE); goto end; } + serverinfo = tmp; memcpy(serverinfo + serverinfo_length, extension, extension_length); serverinfo_length += extension_length;
diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index 3bbe1fd..2816131 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c
@@ -205,7 +205,7 @@ void *add_arg, custom_ext_parse_cb parse_cb, void *parse_arg) { - custom_ext_method *meth; + custom_ext_method *meth, *tmp; /* * Check application error: if add_cb is not set free_cb will never be * called. @@ -225,15 +225,17 @@ /* Search for duplicate */ if (custom_ext_find(exts, ext_type)) return 0; - exts->meths = OPENSSL_realloc(exts->meths, - (exts->meths_count + - 1) * sizeof(custom_ext_method)); + tmp = OPENSSL_realloc(exts->meths, + (exts->meths_count + 1) * sizeof(custom_ext_method)); - if (!exts->meths) { + if (tmp == NULL) { + OPENSSL_free(exts->meths); + exts->meths = NULL; exts->meths_count = 0; return 0; } + exts->meths = tmp; meth = exts->meths + exts->meths_count; memset(meth, 0, sizeof(*meth)); meth->parse_cb = parse_cb;