From b85a4c2923d21ad8b55724e601e529c1ed3fc7cf Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 19 Mar 2015 14:47:27 -0400 Subject: [PATCH] Remove unnecessary NULL initializations in ssl_cert_dup. A casual grep would suggest this function has the same problems as CVE-2015-0291, but the structure is memset to 0, so the calls are unnecessary. Also use BUF_memdup rather than an OPENSSL_malloc + mempcy pair. Change-Id: Id605374d99cff32e2dccb7f9b8a9da226faf7715 Reviewed-on: https://boringssl-review.googlesource.com/4051 Reviewed-by: Adam Langley --- ssl/ssl_cert.c | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index a1b69dad..af3ded76 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -178,7 +178,6 @@ CERT *ssl_cert_dup(CERT *cert) { OPENSSL_PUT_ERROR(SSL, ssl_cert_dup, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ret, 0, sizeof(CERT)); ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]]; 
@@ -243,34 +242,24 @@ CERT *ssl_cert_dup(CERT *cert) { } } - /* Peer sigalgs set to NULL as we get these from handshake too */ - ret->peer_sigalgs = NULL; - ret->peer_sigalgslen = 0; - /* Configured sigalgs however we copy across */ - + /* Copy over signature algorithm configuration. */ if (cert->conf_sigalgs) { - ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen); + ret->conf_sigalgs = BUF_memdup(cert->conf_sigalgs, cert->conf_sigalgslen); if (!ret->conf_sigalgs) { goto err; } - memcpy(ret->conf_sigalgs, cert->conf_sigalgs, cert->conf_sigalgslen); ret->conf_sigalgslen = cert->conf_sigalgslen; - } else { - ret->conf_sigalgs = NULL; } if (cert->client_sigalgs) { - ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen); + ret->client_sigalgs = BUF_memdup(cert->client_sigalgs, + cert->client_sigalgslen); if (!ret->client_sigalgs) { goto err; } - memcpy(ret->client_sigalgs, cert->client_sigalgs, cert->client_sigalgslen); ret->client_sigalgslen = cert->client_sigalgslen; - } else { - ret->client_sigalgs = NULL; } - /* Shared sigalgs also NULL */ - ret->shared_sigalgs = NULL; + /* Copy any custom client certificate types */ if (cert->client_certificate_types) { ret->client_certificate_types = BUF_memdup( @@ -296,8 +285,6 @@ CERT *ssl_cert_dup(CERT *cert) { ret->chain_store = cert->chain_store; } - ret->ciphers_raw = NULL; - return ret; err:
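Review bot: With the explicit assignments and their comments removed, nothing in this part of ssl_cert_dup records that `peer_sigalgs`, `shared_sigalgs` and (in the last hunk) `ciphers_raw` are deliberately not duplicated. Their safety now depends entirely on the zero-fill of `ret` that the commit message describes, which happens earlier in the function and outside this hunk. Because the commit message ties this code to the CVE-2015-0291 pattern, I would keep one comment in place of the removed ones, e.g. `/* peer_sigalgs, shared_sigalgs and ciphers_raw are intentionally not copied; they stay NULL/0 from the memset above. */`, so a later change to the allocation cannot silently leave them uninitialized for whatever cleanup runs under `err:` (not shown). Separately, it is worth confirming whether `BUF_memdup` returns NULL for a zero length, which is not visible here; if it does, a non-NULL `conf_sigalgs` or `client_sigalgs` with a length of 0 would take `goto err` as if allocation had failed.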