Coverity Fixes

x_algor.c: Explicit null dereferenced cms_sd.c: Resource leak ts_rsp_sign.c Resource Leak extensions_srvr.c: Resourse Leak v3_alt.c: Resourse Leak pcy_data.c: Resource Leak cms_lib.c: Resource Leak drbg_lib.c: Unchecked return code Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12531)
2025-02-17 14:32:04 +08:00 · 2020-09-07 17:44:38 +10:00 · 2020-09-07 17:44:38 +10:00 · 309e73dfe0
commit 309e73dfe0
parent 56456c3404
8 changed files with 23 additions and 10 deletions
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@ -110,13 +110,17 @@ int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src)
        if ((dest->algorithm = OBJ_dup(src->algorithm)) == NULL)
 	    return 0;

-    if (src->parameter)
+    if (src->parameter) {
+        dest->parameter = ASN1_TYPE_new();
+        if (dest->parameter == NULL)
+            return 0;
+
        /* Assuming this is also correct for a BOOL.
         * set does copy as a side effect.
         */
        if (ASN1_TYPE_set1(dest->parameter, 
-              src->parameter->type, src->parameter->value.ptr) == 0)
-	    return 0;
-
+                src->parameter->type, src->parameter->value.ptr) == 0)
+            return 0;
+    }
    return 1;
 }
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@ -92,12 +92,13 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)

    default:
        CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
-        return NULL;
+        goto err;
    }

    if (cmsbio)
        return BIO_push(cmsbio, cont);

+err:
    if (!icont)
        BIO_free(cont);
    return NULL;
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@ -897,8 +897,10 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
    ASN1_INTEGER *key = NULL;
    if (keysize > 0) {
        key = ASN1_INTEGER_new();
-        if (key == NULL || !ASN1_INTEGER_set(key, keysize))
+        if (key == NULL || !ASN1_INTEGER_set(key, keysize)) {
+            ASN1_INTEGER_free(key);
            return 0;
+        }
    }
    alg = X509_ALGOR_new();
    if (alg == NULL) {
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@ -330,7 +330,7 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
    drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
    if (drbg->reseed_next_counter) {
        drbg->reseed_next_counter++;
-        if(!drbg->reseed_next_counter)
+        if (!drbg->reseed_next_counter)
            drbg->reseed_next_counter = 1;
    }

@ -432,7 +432,7 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg,
    drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
    if (drbg->reseed_next_counter) {
        drbg->reseed_next_counter++;
-        if(!drbg->reseed_next_counter)
+        if (!drbg->reseed_next_counter)
            drbg->reseed_next_counter = 1;
    }

@ -554,7 +554,9 @@ int rand_drbg_restart(RAND_DRBG *drbg,
            drbg->meth->reseed(drbg, adin, adinlen, NULL, 0);
        } else if (reseeded == 0) {
            /* do a full reseeding if it has not been done yet above */
-            RAND_DRBG_reseed(drbg, NULL, 0, 0);
+            if (!RAND_DRBG_reseed(drbg, NULL, 0, 0)) {
+                RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_RESEED_ERROR);
+            }
        }
    }

--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@ -57,12 +57,14 @@ static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data)
        goto err;
    if (!ASN1_INTEGER_set(serial, 1))
        goto err;
+
    return serial;

 err:
    TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
    TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
                                "Error during serial number generation.");
+    ASN1_INTEGER_free(serial);
    return NULL;
 }

--- a/crypto/x509v3/pcy_data.c
+++ b/crypto/x509v3/pcy_data.c
@ -52,6 +52,7 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
    ret = OPENSSL_zalloc(sizeof(*ret));
    if (ret == NULL) {
        X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE);
+        ASN1_OBJECT_free(id);
        return NULL;
    }
    ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@ -275,6 +275,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
    num = sk_GENERAL_NAME_num(ialt);
    if (!sk_GENERAL_NAME_reserve(gens, num)) {
        X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
+        sk_GENERAL_NAME_free(ialt);
        goto err;
    }

--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@ -1151,7 +1151,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
            if (sesstmp == NULL) {
                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                         SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR);
-                return 0;
+                goto err;
            }
            SSL_SESSION_free(sess);
            sess = sesstmp;