Remove unnecessary NULL initializations in ssl_cert_dup.

A casual grep would suggest this function has the same problems as CVE-2015-0291, but the structure is memset to 0, so the calls are unnecessary. Also use BUF_memdup rather than an OPENSSL_malloc + mempcy pair. Change-Id: Id605374d99cff32e2dccb7f9b8a9da226faf7715 Reviewed-on: https://boringssl-review.googlesource.com/4051 Reviewed-by: Adam Langley <agl@google.com>
2015-03-19 14:47:27 -04:00 · 2015-03-19 14:47:27 -04:00 · b85a4c2923
commit b85a4c2923
parent cdea40c3e2
1 changed files with 5 additions and 18 deletions
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@ -178,7 +178,6 @@ CERT *ssl_cert_dup(CERT *cert) {
    OPENSSL_PUT_ERROR(SSL, ssl_cert_dup, ERR_R_MALLOC_FAILURE);
    return NULL;
  }
-
  memset(ret, 0, sizeof(CERT));

  ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
@ -243,34 +242,24 @@ CERT *ssl_cert_dup(CERT *cert) {
    }
  }

-  /* Peer sigalgs set to NULL as we get these from handshake too */
-  ret->peer_sigalgs = NULL;
-  ret->peer_sigalgslen = 0;
-  /* Configured sigalgs however we copy across */
-
+  /* Copy over signature algorithm configuration. */
  if (cert->conf_sigalgs) {
-    ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen);
+    ret->conf_sigalgs = BUF_memdup(cert->conf_sigalgs, cert->conf_sigalgslen);
    if (!ret->conf_sigalgs) {
      goto err;
    }
-    memcpy(ret->conf_sigalgs, cert->conf_sigalgs, cert->conf_sigalgslen);
    ret->conf_sigalgslen = cert->conf_sigalgslen;
-  } else {
-    ret->conf_sigalgs = NULL;
  }

  if (cert->client_sigalgs) {
-    ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen);
+    ret->client_sigalgs = BUF_memdup(cert->client_sigalgs,
+                                     cert->client_sigalgslen);
    if (!ret->client_sigalgs) {
      goto err;
    }
-    memcpy(ret->client_sigalgs, cert->client_sigalgs, cert->client_sigalgslen);
    ret->client_sigalgslen = cert->client_sigalgslen;
-  } else {
-    ret->client_sigalgs = NULL;
  }
-  /* Shared sigalgs also NULL */
-  ret->shared_sigalgs = NULL;
+
  /* Copy any custom client certificate types */
  if (cert->client_certificate_types) {
    ret->client_certificate_types = BUF_memdup(
@ -296,8 +285,6 @@ CERT *ssl_cert_dup(CERT *cert) {
    ret->chain_store = cert->chain_store;
  }

-  ret->ciphers_raw = NULL;
-
  return ret;

 err: