Don't leak memory if realloc fails.
RT#4403
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
diff --git a/apps/apps.c b/apps/apps.c
index 537d43a..c7e01b0 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -176,8 +176,6 @@
if (arg->size == 0) {
arg->size = 20;
arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space");
- if (arg->argv == NULL)
- return 0;
}
for (p = buf;;) {
@@ -189,11 +187,12 @@
/* The start of something good :-) */
if (arg->argc >= arg->size) {
+ char **tmp;
arg->size += 20;
- arg->argv = OPENSSL_realloc(arg->argv,
- sizeof(*arg->argv) * arg->size);
- if (arg->argv == NULL)
+ tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size);
+ if (tmp == NULL)
return 0;
+ arg->argv = tmp;
}
quoted = *p == '\'' || *p == '"';
if (quoted)
diff --git a/apps/engine.c b/apps/engine.c
index b60bfbc..3b395b1 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -107,13 +107,17 @@
}
if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
+ char *tmp;
*size += 256;
- *buf = OPENSSL_realloc(*buf, *size);
+ tmp = OPENSSL_realloc(*buf, *size);
+ if (tmp == NULL) {
+ OPENSSL_free(*buf);
+ *buf = NULL;
+ return 0;
+ }
+ *buf = tmp;
}
- if (*buf == NULL)
- return 0;
-
if (**buf != '\0')
OPENSSL_strlcat(*buf, ", ", *size);
OPENSSL_strlcat(*buf, s, *size);
diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c
index 3c17aa5..cb99d09 100644
--- a/crypto/modes/ocb128.c
+++ b/crypto/modes/ocb128.c
@@ -147,6 +147,7 @@
/* We don't have it - so calculate it */
if (idx >= ctx->max_l_index) {
+ void *tmp_ptr;
/*
* Each additional entry allows to process almost double as
* much data, so that in linear world the table will need to
@@ -157,10 +158,11 @@
* the index.
*/
ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3;
- ctx->l =
+ tmp_ptr =
OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK));
- if (ctx->l == NULL)
+ if (tmp_ptr == NULL) /* prevent ctx->l from being clobbered */
return NULL;
+ ctx->l = tmp_ptr;
}
while (l_index < idx) {
ocb_double(ctx->l + l_index, ctx->l + l_index + 1);
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index f1280ad..88dce79 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -940,6 +940,7 @@
int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
{
unsigned char *serverinfo = NULL;
+ unsigned char *tmp;
size_t serverinfo_length = 0;
unsigned char *extension = 0;
long extension_length = 0;
@@ -999,12 +1000,13 @@
goto end;
}
/* Append the decoded extension to the serverinfo buffer */
- serverinfo =
+ tmp =
OPENSSL_realloc(serverinfo, serverinfo_length + extension_length);
- if (serverinfo == NULL) {
+ if (tmp == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE);
goto end;
}
+ serverinfo = tmp;
memcpy(serverinfo + serverinfo_length, extension, extension_length);
serverinfo_length += extension_length;
diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c
index 3bbe1fd..2816131 100644
--- a/ssl/t1_ext.c
+++ b/ssl/t1_ext.c
@@ -205,7 +205,7 @@
void *add_arg,
custom_ext_parse_cb parse_cb, void *parse_arg)
{
- custom_ext_method *meth;
+ custom_ext_method *meth, *tmp;
/*
* Check application error: if add_cb is not set free_cb will never be
* called.
@@ -225,15 +225,17 @@
/* Search for duplicate */
if (custom_ext_find(exts, ext_type))
return 0;
- exts->meths = OPENSSL_realloc(exts->meths,
- (exts->meths_count +
- 1) * sizeof(custom_ext_method));
+ tmp = OPENSSL_realloc(exts->meths,
+ (exts->meths_count + 1) * sizeof(custom_ext_method));
- if (!exts->meths) {
+ if (tmp == NULL) {
+ OPENSSL_free(exts->meths);
+ exts->meths = NULL;
exts->meths_count = 0;
return 0;
}
+ exts->meths = tmp;
meth = exts->meths + exts->meths_count;
memset(meth, 0, sizeof(*meth));
meth->parse_cb = parse_cb;
