Fix various malloc failure codepaths.

CRYPTO_MUTEX_init needs a CRYPTO_MUTEX_cleanup. Also a pile of problems with x509_lu.c I noticed trying to import some upstream change. Change-Id: I029a65cd2d30aa31f4832e8fbfe5b2ea0dbc66fe Reviewed-on: https://boringssl-review.googlesource.com/6346 Reviewed-by: Adam Langley <alangley@gmail.com>
2015-10-23 18:46:16 -04:00 · 2015-10-23 18:46:16 -04:00 · 79680ffaed
commit 79680ffaed
parent 68b4e8933e
4 changed files with 18 additions and 3 deletions
--- a/crypto/dh/dh.c
+++ b/crypto/dh/dh.c
@ -97,12 +97,14 @@ DH *DH_new_method(const ENGINE *engine) {

  dh->references = 1;
  if (!CRYPTO_new_ex_data(&g_ex_data_class, dh, &dh->ex_data)) {
+    CRYPTO_MUTEX_cleanup(&dh->method_mont_p_lock);
    OPENSSL_free(dh);
    return NULL;
  }

  if (dh->meth->init && !dh->meth->init(dh)) {
    CRYPTO_free_ex_data(&g_ex_data_class, dh, &dh->ex_data);
+    CRYPTO_MUTEX_cleanup(&dh->method_mont_p_lock);
    METHOD_unref(dh->meth);
    OPENSSL_free(dh);
    return NULL;
--- a/crypto/dsa/dsa.c
+++ b/crypto/dsa/dsa.c
@ -103,6 +103,7 @@ DSA *DSA_new_method(const ENGINE *engine) {
  CRYPTO_MUTEX_init(&dsa->method_mont_p_lock);

  if (!CRYPTO_new_ex_data(&g_ex_data_class, dsa, &dsa->ex_data)) {
+    CRYPTO_MUTEX_cleanup(&dsa->method_mont_p_lock);
    METHOD_unref(dsa->meth);
    OPENSSL_free(dsa);
    return NULL;
@ -110,6 +111,7 @@ DSA *DSA_new_method(const ENGINE *engine) {

  if (dsa->meth->init && !dsa->meth->init(dsa)) {
    CRYPTO_free_ex_data(&g_ex_data_class, dsa, &dsa->ex_data);
+    CRYPTO_MUTEX_cleanup(&dsa->method_mont_p_lock);
    METHOD_unref(dsa->meth);
    OPENSSL_free(dsa);
    return NULL;
--- a/crypto/rsa/rsa.c
+++ b/crypto/rsa/rsa.c
@ -100,6 +100,7 @@ RSA *RSA_new_method(const ENGINE *engine) {
  CRYPTO_MUTEX_init(&rsa->lock);

  if (!CRYPTO_new_ex_data(&g_ex_data_class, rsa, &rsa->ex_data)) {
+    CRYPTO_MUTEX_cleanup(&rsa->lock);
    METHOD_unref(rsa->meth);
    OPENSSL_free(rsa);
    return NULL;
@ -107,6 +108,7 @@ RSA *RSA_new_method(const ENGINE *engine) {

  if (rsa->meth->init && !rsa->meth->init(rsa)) {
    CRYPTO_free_ex_data(&g_ex_data_class, rsa, &rsa->ex_data);
+    CRYPTO_MUTEX_cleanup(&rsa->lock);
    METHOD_unref(rsa->meth);
    OPENSSL_free(rsa);
    return NULL;
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@ -187,12 +187,16 @@ X509_STORE *X509_STORE_new(void)
 	if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
 		return NULL;
 	memset(ret, 0, sizeof(*ret));
-	ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
 	CRYPTO_MUTEX_init(&ret->objs_lock);
+	ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
+	if (ret->objs == NULL)
+		goto err;
 	ret->cache = 1;
 	ret->get_cert_methods = sk_X509_LOOKUP_new_null();
-
-	if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
+	if (ret->get_cert_methods == NULL)
+		goto err;
+	ret->param = X509_VERIFY_PARAM_new();
+	if (ret->param == NULL)
 		goto err;

 	ret->references = 1;
@ -200,6 +204,7 @@ X509_STORE *X509_STORE_new(void)
 err:
 	if (ret)
 		{
+		CRYPTO_MUTEX_cleanup(&ret->objs_lock);
 		if (ret->param)
 			X509_VERIFY_PARAM_free(ret->param);
 		if (ret->get_cert_methods)
@ -498,6 +503,8 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
 	X509 *x;
 	X509_OBJECT *obj;
 	sk = sk_X509_new_null();
+	if (sk == NULL)
+		return NULL;
 	CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock);
 	idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
 	if (idx < 0)
@ -546,6 +553,8 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
 	X509_CRL *x;
 	X509_OBJECT *obj, xobj;
 	sk = sk_X509_CRL_new_null();
+	if (sk == NULL)
+		return NULL;
 	CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock);
 	/* Check cache first */
 	idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);