kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix theoretical memory leak on malloc error in CBS_asn1_ber_to_der.

Browse Source 
On failure, CBB_finish doesn't call CBB_cleanup. Also chain more of the ||s
together now that CBB_cleanup after failed CBB_init is legal.

(I don't think this is actually reachable because the CBB is guaranteed to be
flushed by this point.)

Change-Id: Ib16a0a185f15e13675ac2550c5e8e0926ceb7957
Reviewed-on: https://boringssl-review.googlesource.com/7051
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2016-01-08 16:34:51 -08:00 committed by Adam Langley
parent 168297e870
commit 11aac10987
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
crypto/bytestring/ber.c
View File

@ -209,13 +209,12 @@ int CBS_asn1_ber_to_der(CBS *in, uint8_t **out, size_t *out_len) {
return 1;
}
if (!CBB_init(&cbb, CBS_len(in))) {
return 0;
}
if (!cbs_convert_ber(in, &cbb, 0, 0, 0)) {
if (!CBB_init(&cbb, CBS_len(in)) ||
!cbs_convert_ber(in, &cbb, 0, 0, 0) ||
!CBB_finish(&cbb, out, out_len)) {
CBB_cleanup(&cbb);
return 0;
}
return CBB_finish(&cbb, out, out_len);
return 1;
}