Fix error-handling bugs.

Caught by clang scan-build. Change-Id: I133d0338fe38172d687c02099d909366a59ee95b Reviewed-on: https://boringssl-review.googlesource.com/1343 Reviewed-by: Adam Langley <agl@google.com>
2014-07-25 03:58:53 -04:00 · 2014-07-25 03:58:53 -04:00 · 61b66ffcc2
commit 61b66ffcc2
parent 59b3a728dc
3 changed files with 25 additions and 27 deletions
--- a/crypto/rsa/padding.c
+++ b/crypto/rsa/padding.c
@ -474,28 +474,28 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *to, unsigned tlen,
  if (db == NULL) {
    OPENSSL_PUT_ERROR(RSA, RSA_padding_check_PKCS1_OAEP_mgf1,
                      ERR_R_MALLOC_FAILURE);
-    return -1;
+    goto err;
  }

  maskedseed = from + 1;
  maskeddb = from + 1 + mdlen;

  if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) {
-    return -1;
+    goto err;
  }
  for (i = 0; i < mdlen; i++) {
    seed[i] ^= maskedseed[i];
  }

  if (PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md)) {
-    return -1;
+    goto err;
  }
  for (i = 0; i < dblen; i++) {
    db[i] ^= maskeddb[i];
  }

  if (!EVP_Digest((void *)param, plen, phash, NULL, md, NULL)) {
-    return -1;
+    goto err;
  }

  bad = CRYPTO_memcmp(db, phash, mdlen);
@ -536,6 +536,7 @@ decoding_err:
   * which kind of decoding error happened */
  OPENSSL_PUT_ERROR(RSA, RSA_padding_check_PKCS1_OAEP_mgf1,
                    RSA_R_OAEP_DECODING_ERROR);
+ err:
  if (db != NULL) {
    OPENSSL_free(db);
  }
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@ -181,34 +181,31 @@ X509_STORE *X509_STORE_new(void)

 	if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
 		return NULL;
+	memset(ret, 0, sizeof(*ret));
 	ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
-	ret->cache=1;
-	ret->get_cert_methods=sk_X509_LOOKUP_new_null();
-	ret->verify=0;
-	ret->verify_cb=0;
+	ret->cache = 1;
+	ret->get_cert_methods = sk_X509_LOOKUP_new_null();

 	if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
-		return NULL;
-
-	ret->get_issuer = 0;
-	ret->check_issued = 0;
-	ret->check_revocation = 0;
-	ret->get_crl = 0;
-	ret->check_crl = 0;
-	ret->cert_crl = 0;
-	ret->lookup_certs = 0;
-	ret->lookup_crls = 0;
-	ret->cleanup = 0;
+		goto err;

 	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
-		{
-		sk_X509_OBJECT_free(ret->objs);
-		OPENSSL_free(ret);
-		return NULL;
-		}
+		goto err;

-	ret->references=1;
+	ret->references = 1;
 	return ret;
+err:
+	if (ret)
+		{
+		if (ret->param)
+			X509_VERIFY_PARAM_free(ret->param);
+		if (ret->get_cert_methods)
+			sk_X509_LOOKUP_free(ret->get_cert_methods);
+		if (ret->objs)
+			sk_X509_OBJECT_free(ret->objs);
+		OPENSSL_free(ret);
+		}
+	return NULL;
 	}

 static void cleanup(X509_OBJECT *a)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -558,7 +558,7 @@ ssl_cipher_preference_list_dup(
 	return ret;

 err:
-	if (ret->ciphers)
+	if (ret && ret->ciphers)
 		sk_SSL_CIPHER_free(ret->ciphers);
 	if (ret)
 		OPENSSL_free(ret);
@ -586,7 +586,7 @@ ssl_cipher_preference_list_from_ciphers(STACK_OF(SSL_CIPHER) *ciphers)
 	return ret;

 err:
-	if (ret->ciphers)
+	if (ret && ret->ciphers)
 		sk_SSL_CIPHER_free(ret->ciphers);
 	if (ret)
 		OPENSSL_free(ret);