pub_decode_gost94, pub_decode_gost01: check for NULL after allocating databuf pub_encode_gost94, pub_encode_gost01: check for NULL after allocating databuf and octet Signed-off-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
diff --git a/engines/ccgost/e_gost_err.h b/engines/ccgost/e_gost_err.h index 6dc5000..6049e30 100644 --- a/engines/ccgost/e_gost_err.h +++ b/engines/ccgost/e_gost_err.h
@@ -111,6 +111,7 @@ #define GOST_F_PUB_DECODE_GOST01 133 #define GOST_F_PUB_DECODE_GOST94 134 #define GOST_F_PUB_ENCODE_GOST01 135 +#define GOST_F_PUB_ENCODE_GOST94 141 #define GOST_F_UNPACK_CC_SIGNATURE 136 #define GOST_F_UNPACK_CP_SIGNATURE 137
diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c index 8b9230b..f20f1a7 100644 --- a/engines/ccgost/gost_ameth.c +++ b/engines/ccgost/gost_ameth.c
@@ -624,6 +624,12 @@ return 0; } databuf = OPENSSL_malloc(octet->length); + if (databuf == NULL) + { + GOSTerr(GOST_F_PUB_DECODE_GOST94,ERR_R_MALLOC_FAILURE); + ASN1_OCTET_STRING_free(octet); + return 0; + } for (i=0,j=octet->length-1;i<octet->length;i++,j--) { databuf[j]=octet->data[i]; @@ -655,8 +661,19 @@ } data_len = BN_num_bytes(dsa->pub_key); databuf = OPENSSL_malloc(data_len); + if (databuf == NULL) + { + GOSTerr(GOST_F_PUB_ENCODE_GOST94,ERR_R_MALLOC_FAILURE); + return 0; + } BN_bn2bin(dsa->pub_key,databuf); octet = ASN1_OCTET_STRING_new(); + if (octet == NULL) + { + GOSTerr(GOST_F_PUB_ENCODE_GOST94,ERR_R_MALLOC_FAILURE); + OPENSSL_free(databuf); + return 0; + } ASN1_STRING_set(octet,NULL,data_len); sptr = ASN1_STRING_data(octet); for (i=0,j=data_len-1; i< data_len;i++,j--) @@ -695,6 +712,12 @@ return 0; } databuf = OPENSSL_malloc(octet->length); + if (databuf == NULL) + { + GOSTerr(GOST_F_PUB_DECODE_GOST01,ERR_R_MALLOC_FAILURE); + ASN1_OCTET_STRING_free(octet); + return 0; + } for (i=0,j=octet->length-1;i<octet->length;i++,j--) { databuf[j]=octet->data[i]; @@ -756,6 +779,7 @@ { GOSTerr(GOST_F_PUB_ENCODE_GOST01, GOST_R_PUBLIC_KEY_UNDEFINED); + BN_free(order); return 0; } X=BN_new(); @@ -765,6 +789,13 @@ data_len = 2*BN_num_bytes(order); BN_free(order); databuf = OPENSSL_malloc(data_len); + if (databuf == NULL) + { + GOSTerr(GOST_F_PUB_ENCODE_GOST01,ERR_R_MALLOC_FAILURE); + BN_free(X); + BN_free(Y); + return 0; + } memset(databuf,0,data_len); store_bignum(X,databuf+data_len/2,data_len/2); @@ -773,6 +804,12 @@ BN_free(X); BN_free(Y); octet = ASN1_OCTET_STRING_new(); + if (octet == NULL) + { + GOSTerr(GOST_F_PUB_ENCODE_GOST01,ERR_R_MALLOC_FAILURE); + OPENSSL_free(databuf); + return 0; + } ASN1_STRING_set(octet,NULL,data_len); sptr=ASN1_STRING_data(octet); for (i=0,j=data_len-1;i<data_len;i++,j--)