From 270a4bba49849de7f928f4fab186205abd132411 Mon Sep 17 00:00:00 2001 From: FdaSilvaYY Date: Thu, 28 Sep 2017 23:30:22 +0200 Subject: [PATCH] Use more pre-allocation Reviewed-by: Andy Polyakov Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/4379) --- crypto/x509v3/v3_alt.c | 58 +++++++++++++++++++++++++--------------- crypto/x509v3/v3_cpols.c | 23 +++++++++------- crypto/x509v3/v3_crld.c | 23 +++++++--------- crypto/x509v3/v3_extku.c | 9 ++++--- crypto/x509v3/v3_pmaps.c | 10 ++++--- 5 files changed, 72 insertions(+), 51 deletions(-) diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index 598cffd58c..f082388d55 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -201,25 +201,28 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { - GENERAL_NAMES *gens = NULL; - CONF_VALUE *cnf; + GENERAL_NAMES *gens = sk_GENERAL_NAME_new_null(); + const int num = sk_CONF_VALUE_num(nval); int i; - if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { + if (gens == NULL || !sk_GENERAL_NAME_reserve(gens, num)) { X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE); + sk_GENERAL_NAME_free(gens); return NULL; } - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - cnf = sk_CONF_VALUE_value(nval, i); + for (i = 0; i < num; i++) { + CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i); + if (!name_cmp(cnf->name, "issuer") && cnf->value && strcmp(cnf->value, "copy") == 0) { if (!copy_issuer(ctx, gens)) goto err; } else { - GENERAL_NAME *gen; - if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) + GENERAL_NAME *gen = v2i_GENERAL_NAME(method, ctx, cnf); + + if (gen == NULL) goto err; - sk_GENERAL_NAME_push(gens, gen); + sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */ } } return gens; @@ -235,7 +238,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) GENERAL_NAMES *ialt; GENERAL_NAME *gen; X509_EXTENSION *ext; - int i; + int i, num; if (ctx && (ctx->flags == CTX_TEST)) return 1; @@ -252,12 +255,15 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) goto err; } - for (i = 0; i < sk_GENERAL_NAME_num(ialt); i++) { + num = sk_GENERAL_NAME_num(ialt); + if (!sk_GENERAL_NAME_reserve(gens, num)) { + X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE); + goto err; + } + + for (i = 0; i < num; i++) { gen = sk_GENERAL_NAME_value(ialt, i); - if (!sk_GENERAL_NAME_push(gens, gen)) { - X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE); - goto err; - } + sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */ } sk_GENERAL_NAME_free(ialt); @@ -272,15 +278,19 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { - GENERAL_NAMES *gens = NULL; + GENERAL_NAMES *gens; CONF_VALUE *cnf; + const int num = sk_CONF_VALUE_num(nval); int i; - if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { + gens = sk_GENERAL_NAME_new_null(); + if (gens == NULL || !sk_GENERAL_NAME_reserve(gens, num)) { X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE); + sk_GENERAL_NAME_free(gens); return NULL; } - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + + for (i = 0; i < num; i++) { cnf = sk_CONF_VALUE_value(nval, i); if (!name_cmp(cnf->name, "email") && cnf->value && strcmp(cnf->value, "copy") == 0) { @@ -294,7 +304,7 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, GENERAL_NAME *gen; if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) goto err; - sk_GENERAL_NAME_push(gens, gen); + sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */ } } return gens; @@ -365,19 +375,23 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { GENERAL_NAME *gen; - GENERAL_NAMES *gens = NULL; + GENERAL_NAMES *gens; CONF_VALUE *cnf; + const int num = sk_CONF_VALUE_num(nval); int i; - if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { + gens = sk_GENERAL_NAME_new_null(); + if (gens == NULL || !sk_GENERAL_NAME_reserve(gens, num)) { X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE); + sk_GENERAL_NAME_free(gens); return NULL; } - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + + for (i = 0; i < num; i++) { cnf = sk_CONF_VALUE_value(nval, i); if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) goto err; - sk_GENERAL_NAME_push(gens, gen); + sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */ } return gens; err: diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index ea65e0720b..56460a381a 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -88,26 +88,30 @@ IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *value) { - STACK_OF(POLICYINFO) *pols = NULL; + STACK_OF(POLICYINFO) *pols; char *pstr; POLICYINFO *pol; ASN1_OBJECT *pobj; - STACK_OF(CONF_VALUE) *vals; + STACK_OF(CONF_VALUE) *vals = X509V3_parse_list(value); CONF_VALUE *cnf; + const int num = sk_CONF_VALUE_num(vals); int i, ia5org; - pols = sk_POLICYINFO_new_null(); - if (pols == NULL) { - X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); - return NULL; - } - vals = X509V3_parse_list(value); + if (vals == NULL) { X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB); + return NULL; + } + + pols = sk_POLICYINFO_new_null(); + if (pols == NULL || !sk_POLICYINFO_reserve(pols, num)) { + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); goto err; } + ia5org = 0; - for (i = 0; i < sk_CONF_VALUE_num(vals); i++) { + for (i = 0; i < num; i++) { cnf = sk_CONF_VALUE_value(vals, i); + if (cnf->value || !cnf->name) { X509V3err(X509V3_F_R2I_CERTPOL, X509V3_R_INVALID_POLICY_IDENTIFIER); @@ -241,7 +245,6 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, err: POLICYINFO_free(pol); return NULL; - } static int displaytext_get_tag_len(const char *tagstr) diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index c4c77f1851..085a90d2db 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -205,8 +205,8 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, { int i; CONF_VALUE *cnf; - DIST_POINT *point = NULL; - point = DIST_POINT_new(); + DIST_POINT *point = DIST_POINT_new(); + if (point == NULL) goto err; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { @@ -237,16 +237,19 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, static void *v2i_crld(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { - STACK_OF(DIST_POINT) *crld = NULL; + STACK_OF(DIST_POINT) *crld; GENERAL_NAMES *gens = NULL; GENERAL_NAME *gen = NULL; CONF_VALUE *cnf; + const int num = sk_CONF_VALUE_num(nval); int i; - if ((crld = sk_DIST_POINT_new_null()) == NULL) + crld = sk_DIST_POINT_new_null(); + if (crld == NULL || !sk_DIST_POINT_reserve(crld, num)) goto merr; - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + for (i = 0; i < num; i++) { DIST_POINT *point; + cnf = sk_CONF_VALUE_value(nval, i); if (!cnf->value) { STACK_OF(CONF_VALUE) *dpsect; @@ -257,10 +260,7 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, X509V3_section_free(ctx, dpsect); if (!point) goto err; - if (!sk_DIST_POINT_push(crld, point)) { - DIST_POINT_free(point); - goto merr; - } + sk_DIST_POINT_push(crld, point); /* no failure as it was reserved */ } else { if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) goto err; @@ -271,10 +271,7 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, gen = NULL; if ((point = DIST_POINT_new()) == NULL) goto merr; - if (!sk_DIST_POINT_push(crld, point)) { - DIST_POINT_free(point); - goto merr; - } + sk_DIST_POINT_push(crld, point); /* no failure as it was reserved */ if ((point->distpoint = DIST_POINT_NAME_new()) == NULL) goto merr; point->distpoint->name.fullname = gens; diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c index bae755e3f2..6cb0d2cc17 100644 --- a/crypto/x509v3/v3_extku.c +++ b/crypto/x509v3/v3_extku.c @@ -74,14 +74,17 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, char *extval; ASN1_OBJECT *objtmp; CONF_VALUE *val; + const int num = sk_CONF_VALUE_num(nval); int i; - if ((extku = sk_ASN1_OBJECT_new_null()) == NULL) { + extku = sk_ASN1_OBJECT_new_null(); + if (extku == NULL || !sk_ASN1_OBJECT_reserve(extku, num)) { X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE); + sk_ASN1_OBJECT_free(extku); return NULL; } - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + for (i = 0; i < num; i++) { val = sk_CONF_VALUE_value(nval, i); if (val->value) extval = val->value; @@ -94,7 +97,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, X509V3_conf_err(val); return NULL; } - sk_ASN1_OBJECT_push(extku, objtmp); + sk_ASN1_OBJECT_push(extku, objtmp); /* no failure as it was reserved */ } return extku; } diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c index 73f4ec2467..b9f8f02f4d 100644 --- a/crypto/x509v3/v3_pmaps.c +++ b/crypto/x509v3/v3_pmaps.c @@ -52,6 +52,7 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD int i; char obj_tmp1[80]; char obj_tmp2[80]; + for (i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) { pmap = sk_POLICY_MAPPING_value(pmaps, i); i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy); @@ -64,18 +65,21 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { - POLICY_MAPPINGS *pmaps = NULL; POLICY_MAPPING *pmap = NULL; ASN1_OBJECT *obj1 = NULL, *obj2 = NULL; CONF_VALUE *val; + POLICY_MAPPINGS *pmaps; + const int num = sk_CONF_VALUE_num(nval); int i; if ((pmaps = sk_POLICY_MAPPING_new_null()) == NULL) { X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE); return NULL; } + if (!sk_POLICY_MAPPING_reserve(pmaps, num)) + goto err; - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + for (i = 0; i < num; i++) { val = sk_CONF_VALUE_value(nval, i); if (!val->value || !val->name) { X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, @@ -99,7 +103,7 @@ static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, pmap->issuerDomainPolicy = obj1; pmap->subjectDomainPolicy = obj2; obj1 = obj2 = NULL; - sk_POLICY_MAPPING_push(pmaps, pmap); + sk_POLICY_MAPPING_push(pmaps, pmap); /* no failure as it was reserved */ } return pmaps; err: