Tidy up dtls1_hm_fragment_new and fix (unreachable) memory leak.

clang scan-build found a memory leak if the overflow codepath in
dtls1_hm_fragment is hit. Along the way, tidy up that function.

Change-Id: I3c4b88916ee56ab3ab63f93d4a967ceae381d187
Reviewed-on: https://boringssl-review.googlesource.com/5870
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2015-09-12 18:21:35 -04:00 committed by Adam Langley
parent 626c68601c
commit c99807d843

View File

@ -147,52 +147,44 @@ static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
unsigned long frag_len); unsigned long frag_len);
static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p); static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p);
static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly) {
int reassembly) { hm_fragment *frag = OPENSSL_malloc(sizeof(hm_fragment));
hm_fragment *frag = NULL;
uint8_t *buf = NULL;
uint8_t *bitmask = NULL;
frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
if (frag == NULL) { if (frag == NULL) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
return NULL; return NULL;
} }
memset(frag, 0, sizeof(hm_fragment));
if (frag_len) { /* If the handshake message is empty, |frag->fragment| and |frag->reassembly|
buf = (uint8_t *)OPENSSL_malloc(frag_len); * are NULL. */
if (buf == NULL) { if (frag_len > 0) {
frag->fragment = OPENSSL_malloc(frag_len);
if (frag->fragment == NULL) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
OPENSSL_free(frag); goto err;
return NULL;
} }
}
/* zero length fragment gets zero frag->fragment */ if (reassembly) {
frag->fragment = buf; /* Initialize reassembly bitmask. */
if (frag_len + 7 < frag_len) {
/* Initialize reassembly bitmask if necessary */ OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
if (reassembly && frag_len > 0) { goto err;
if (frag_len + 7 < frag_len) {
OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
return NULL;
}
size_t bitmask_len = (frag_len + 7) / 8;
bitmask = (uint8_t *)OPENSSL_malloc(bitmask_len);
if (bitmask == NULL) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
if (buf != NULL) {
OPENSSL_free(buf);
} }
OPENSSL_free(frag); size_t bitmask_len = (frag_len + 7) / 8;
return NULL; frag->reassembly = OPENSSL_malloc(bitmask_len);
if (frag->reassembly == NULL) {
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
goto err;
}
memset(frag->reassembly, 0, bitmask_len);
} }
memset(bitmask, 0, bitmask_len);
} }
frag->reassembly = bitmask;
return frag; return frag;
err:
dtls1_hm_fragment_free(frag);
return NULL;
} }
void dtls1_hm_fragment_free(hm_fragment *frag) { void dtls1_hm_fragment_free(hm_fragment *frag) {